The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Burp Scanner found DOM-based XSS, status Firm

Shvuo | Last updated: Jul 03, 2020 03:12PM UTC

Hello team, I just want to know: is there any possibility to execute DOM-based XSS?

Issue detail: The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location and passed to the 'wrap()' function of JQuery via the following statement:

t.Location.wrap(window.location)

Response:

{var n,r,i,o;return this.shouldHandlePopState()&&(o=null!=(r=e.state)?r.turbolinks:void 0)?(n=t.Location.wrap(window.location),i=o.restorationIdentifier,this.delegate.historyPoppedToLocationWithRestorationIdentifier(n,i)):void 0}

Also found Link manipulation (DOM-based).

Issue detail: The application may be vulnerable to DOM-based link manipulation. Data is read from location.href and passed to the 'href' property of a DOM element via the following statement:

t.href=location.href;

Thank you

Michelle, PortSwigger Agent | Last updated: Jul 06, 2020 11:50AM UTC

The request and response data linked to the issue should provide some more details and help you determine how to exploit the vulnerability. You will also need to look at details such as whether the Scanner was logged in as a particular user when the issue was found, so you can correctly replicate the session. You can also find more information on DOM-based XSS here: https://portswigger.net/web-security/cross-site-scripting/dom-based
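
An added example, not part of the original thread and not PortSwigger's or the application's code: one way to constrain the location.href to href flow reported above, shown beside a weak prefix check. The names safeHref and naivePrefixCheck, the origin https://app.example and all sample URLs are assumptions constructed for illustration.

```javascript
// Added example: validate a location-derived URL before it reaches an
// href sink such as `t.href = location.href`. All names are hypothetical.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Weak check, shown for contrast: a string prefix match also accepts
// look-alike hosts such as https://app.example.evil.test/.
function naivePrefixCheck(rawHref, expectedOrigin) {
  return rawHref.startsWith(expectedOrigin);
}

// Hardened check: parse with the WHATWG URL parser, allow only http(s),
// require an exact origin match, and rebuild the value from parsed parts.
function safeHref(rawHref, expectedOrigin, fallback = "/") {
  let url;
  try {
    url = new URL(rawHref, expectedOrigin);
  } catch (err) {
    return fallback; // unparseable input never reaches the sink
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return fallback;
  if (url.origin !== expectedOrigin) return fallback;
  // Return a same-origin relative reference so the sink cannot leave the site.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, run through both checks for comparison.
function triage(expectedOrigin) {
  const samples = [
    "https://app.example/orders?id=7#top", // normal same-origin page URL
    "https://app.example.evil.test/",      // look-alike host
    "//other.example/path",                // scheme-relative, other host
    "https:\\\\other.example/x",           // backslashes parsed as slashes
    "javascript:void(0)",                  // non-http(s) scheme
    "http://[bad",                         // malformed host
  ];
  return samples.map((raw) => ({
    raw,
    naive: naivePrefixCheck(raw, expectedOrigin),
    safe: safeHref(raw, expectedOrigin),
  }));
}

console.log(triage("https://app.example"));
```

In the browser the same function would wrap the reported statement, for example `t.href = safeHref(location.href, location.origin)`.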

Michelle, PortSwigger Agent | Last updated: Jul 21, 2020 10:23AM UTC