Burp Suite User Forum


DOM-based open redirection

Gokul | Last updated: Sep 09, 2021 02:35PM UTC

Is this vulnerable or just a false positive?

    n Util.addInputType(el)},
    addParams: function(params, url) {
        A.use("querystring-stringify-simple");
        if (Lang.isObject(params)) {
            params = A.QueryString.stringify(params)
        } else {
            params = Lang.trim(params)
        }
        if (params) {
            var loc = url || location.href;
            var anchorHash;
            var finalUrl;
            if (loc.indexOf("#") > -1) {
                var locationPieces = loc.split("#");
                loc = locationPieces[0];
                anchorHash = locationPieces[1]
            }
            if (loc.indexOf("?") == -1) {
                params = "?" + params
            } else {
                params = "&" + params
            }
            if (loc.indexOf(params) == -1) {
                finalUrl = loc + params;
                if (anchorHash) {
                    finalUrl += "#" + anchorHash
                }
                if (!url) {
                    location.href = finalUrl
                }
                return finalUrl
            }
        }
    },
    camelize: function(value, separator) {
        var regex = REGEX_DASH;
        if (separator) {
            regex = new RegExp(separator + "([a-z])", "gi")
        }
        value = value.replace(regex, function(match0, match1) {
            return match1.toUp

Uthman, PortSwigger Agent | Last updated: Sep 10, 2021 09:11AM UTC

Hi Gokul,

You may find the resources below helpful in understanding the issue better:

- https://bountify.co/burp-suite-explain-dom-based-open-redirection
- https://portswigger.net/support/using-burp-to-test-for-open-redirections
- https://owasp.org/www-pdf-archive/OWASP_Appsec_Research_2010_Redirects_XSLJ_by_Sirdarckcat_and_Thornmaker.pdf

You'll need to confirm the vulnerability with the developers of the site/application.
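One way to triage the flagged `location.href` to `location.href` flow is to replay the navigation branch of `addParams` as a pure function and compare the origin of the result with the origin of the page. This is an added example, not code from the poster or from PortSwigger; `buildFinalUrl`, `triage` and the sample URLs are constructed names and inputs, and `params` is assumed to be an already-trimmed string.

```javascript
// Mirrors the posted addParams() when it is called WITHOUT `url`
// (the only branch that assigns location.href).
function buildFinalUrl(href, params) {
  if (!params) return undefined;            // original skips empty params
  let loc = href;
  let anchorHash;
  if (loc.indexOf("#") > -1) {
    const pieces = loc.split("#");
    loc = pieces[0];
    anchorHash = pieces[1];
  }
  params = (loc.indexOf("?") === -1 ? "?" : "&") + params;
  if (loc.indexOf(params) !== -1) return undefined; // already present: no navigation
  let finalUrl = loc + params;
  if (anchorHash) finalUrl += "#" + anchorHash;
  return finalUrl;
}

// Reports whether a navigation happens and whether it stays on the page's origin.
function triage(href, params) {
  const target = buildFinalUrl(href, params);
  if (target === undefined) return { navigates: false, sameOrigin: true };
  const sameOrigin = new URL(target).origin === new URL(href).origin;
  return { navigates: true, target, sameOrigin };
}

// Constructed sample inputs: [page URL, params string].
const SAMPLES = [
  ["https://app.example.test/page#//evil.example/", "a=1"],
  ["https://app.example.test/page?x=1#https://evil.example/", "a=1"],
  ["https://app.example.test/#@evil.example", "next=https://evil.example/"],
  ["https://app.example.test/page?x=1&a=1", "a=1"],
];

function runSamples() {
  return SAMPLES.map(([href, params]) => triage(href, params));
}

for (const r of runSamples()) console.log(JSON.stringify(r));
```

The check covers only the direct assignment inside `addParams`; callers that pass a `url` argument and navigate with the returned value need to be reviewed separately.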
