Burp Suite User Forum


DOM-based link manipulation detected on BURP scan

J | Last updated: Mar 17, 2022 03:58PM UTC

I was given a BURP report to analyze, and development of Web Apps is not my forte. I'm hoping someone can help with this. The following issues were detected on a BURP scan - The application may be vulnerable to DOM-based link manipulation.

1. Data is read from location.href and passed to the 'href' property of a DOM element via the following statement - originAnchor.href = location.href;

2. Data is read from document.location.href and passed to the 'href' property of a DOM element via the following statement - base.href = document.location.href;

For each of these findings, there were two responses, both the same:

Response 1:
... various header info ...
<!DOCTYPE html>
<!-- $Header: R:\somedir\somedir\somedir\xx\index.html-arc 1.27 04 Jan 2022 14:15:44 somedate $ -->
<html lang="en">

Response 2:
... various header info ...
/*!
* jQuery JavaScript Library v3.5.1
* https://jquery.com/
*

I assume that Response 1 is showing up because of the internal configuration documentation that contains the literal "$Header", and response 2 is showing up because of the https://jsquery.com. Note that both responses are within Comments directives - they are there for internal documentation, and not there to be actually run by the end user of the web application. In this case, aren't the two findings false findings on the Scan?
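
As an added illustration (not code from the post, from the scanned application, or from PortSwigger) of how the two flagged sinks, originAnchor.href = location.href and base.href = document.location.href, are usually hardened so the scanner no longer sees raw URL data flowing into an href property: the value is parsed, restricted to a same-origin http(s) URL, and stripped of query and fragment before assignment. In a live page location.href is always same-origin, so the origin check mostly documents intent; the practical effect is dropping the query and fragment, the parts of the current URL that a crafted link can influence. The expectedOrigin parameter and the sample URLs below are constructed for the example.

```javascript
// Added example: hardened replacement for `base.href = document.location.href`
// and `originAnchor.href = location.href`. Only a same-origin http(s) URL,
// reduced to origin + path, reaches the href sink; anything else falls back
// to the document's own origin. `expectedOrigin` stands in for
// `window.location.origin` and is passed explicitly so this also runs in Node.

function sanitizeHrefForSink(rawHref, expectedOrigin) {
  let parsed;
  try {
    parsed = new URL(rawHref);
  } catch (e) {
    return expectedOrigin + "/"; // unparsable input never reaches the sink
  }
  // Only http/https; rejects javascript:, data: and other schemes outright.
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return expectedOrigin + "/";
  }
  // Scheme, host and port must all match the page's own origin.
  if (parsed.origin !== expectedOrigin) {
    return expectedOrigin + "/";
  }
  // Drop query and fragment: a <base> or origin anchor only needs the path,
  // and those two parts are what a crafted link most easily controls.
  return parsed.origin + parsed.pathname;
}

// Assign to the element only through the sanitizer. `el` is any object with
// an `href` property, e.g. a <base> or <a> element in the browser.
function setHrefSafely(el, rawHref, expectedOrigin) {
  el.href = sanitizeHrefForSink(rawHref, expectedOrigin);
  return el.href;
}

// Constructed sample inputs standing in for possible location.href values.
const ORIGIN = "https://app.example.com";
const samples = [
  "https://app.example.com/account/settings?tab=1#frag",
  "https://app.example.com.evil.test/",
  "https://app.example.com:8443/other",
  "javascript:void(0)",
  "not a url",
];
for (const s of samples) {
  const base = { href: "" };
  console.log(JSON.stringify(s), "->", setHrefSafely(base, s, ORIGIN));
}
```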

James, PortSwigger Agent | Last updated: Mar 21, 2022 01:18PM UTC

Hello,

Thanks for your message.

Some advice below:

1) You could use our DOM invader tool to try and replicate/confirm the issue
https://portswigger.net/burp/documentation/desktop/tools/dom-invader

2) I would suggest asking the developers of the application to interpret the results

3) If you are still having issues after the above, please share the full scan report and any comments from the application developers and we will do our best to help you out (this may not always be possible, as we don't have knowledge of the target application). You can email this information over to us at support@portswigger.net
