The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Cross-site scripting (DOM-based)

Aly | Last updated: Nov 02, 2019 06:26PM UTC

Burp has created 3 different DOM XSS issues with this description, with High severity and Firm confidence:

The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to the 'html()' function of JQuery.

This is the static analysis:

Data is read from window.location.hash and passed to the 'html()' function of JQuery via the following statements:

    var n=window.location.hash;
    $("#player").html('<img alt=...' + n + '"/0.jpg"/...')

I don't know if it's a false positive, but the missing slash before the n makes it look vulnerable.

    $("#player").html('<img alt=...' + '/' + n + '"/0.jpg"/...')

--> with the slash it shouldn't be vulnerable.

I'm trying to give n a new value such as var n="javascript:alert(document.domain)"; where should I inject the new value of n?

But I don't understand how this can impact the website or be executed. How can I exploit this?
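Added example, not part of the original post or of Burp's report: the flagged source-to-sink pattern written as plain string-building functions, run on a constructed fragment value, next to an allowlist-and-encode variant. The image host, the ID format and all function names are assumptions, because the page elides the real markup.

```javascript
// Added example. THUMB_BASE, ID_PATTERN and all function names are
// assumptions; the page elides the real markup around the fragment value.
const THUMB_BASE = "https://img.example/vi/"; // hypothetical image host
const ID_PATTERN = /^[A-Za-z0-9_-]{1,32}$/;   // assumed ID format

// Same shape as the flagged statement: fragment concatenated into markup.
function buildUnsafe(hash) {
  return '<img alt="thumb" src="' + THUMB_BASE + hash + '/0.jpg"/>';
}

// Variant with a literal "/" placed before the fragment value.
function buildWithSlash(hash) {
  return '<img alt="thumb" src="' + THUMB_BASE + "/" + hash + '/0.jpg"/>';
}

// Encode characters that can end an attribute value or open a tag.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Hardened: drop the leading "#", allowlist the value, then encode.
// Returns null when the fragment is not a plain ID.
function buildSafe(hash) {
  const id = hash.replace(/^#/, "");
  if (!ID_PATTERN.test(id)) return null;
  return '<img alt="thumb" src="' + escapeAttr(THUMB_BASE + id + "/0.jpg") + '"/>';
}

// List the attribute names a parser would see in one tag
// (simplified matcher for double-quoted attributes, not a full HTML parser).
function attributeNames(tag) {
  const names = [];
  const re = /([^\s"'<>\/=]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1]);
  return names;
}

// Constructed fragment: a double quote followed by a harmless marker attribute.
const constructedHash = '#abc" data-injected="1';
console.log(attributeNames(buildUnsafe(constructedHash)));
console.log(attributeNames(buildWithSlash(constructedHash)));
console.log(buildSafe(constructedHash), buildSafe("#abc123"));
```

In the page itself, creating the element and setting the value with jQuery's `.attr()` rather than `.html()` keeps the fragment out of markup parsing altogether.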

Mike, PortSwigger Agent | Last updated: Nov 04, 2019 10:16AM UTC