Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Client-side prototype pollution in third-party libraries

MachiavelliII | Last updated: Jul 12, 2024 08:30PM UTC

Hi, I'm having trouble with the lab, after I exploited the vulnerability and tested It on myself the XSS fired with alert(1) but when I tried alert(document.cookie) the cookies didn't appear and there's no attribute prevent JavaScript from accessing the cookie It's just popup with empty alert even after I saw the solution nothing changed the same problem.

Michelle, PortSwigger Agent | Last updated: Jul 16, 2024 01:39PM UTC

Thanks for getting in touch. To help us understand what you're seeing, can we check a few details with you? When you tested with alert(document.cookie) was there any pop up at all? If you delivered the exploit to the victim, was the lab solved?

Jon-Erik | Last updated: Sep 18, 2024 08:01PM UTC

Hi Michelle. I can follow up on this, as I am having the same issue. When I use the exploit provided in the solution and click "View exploit", I receive a pop up, although the message is an empty string. When I click "Deliver exploit to victim" nothing happens and the lab is not solved.

Jon-Erik | Last updated: Sep 18, 2024 09:50PM UTC