Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Exploit Dom based XSS

Akib | Last updated: Feb 21, 2020 03:08PM UTC

While scanning burp reported some tentative XSS(Dom-based); all stating, 'The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $() via the following statement: $('html, body').animate({ scrollTop: $(window.location.hash).offset().top }, 1000) Wondering what payload should i try to exploit it? or is it positive?

Hannah, PortSwigger Agent | Last updated: Feb 21, 2020 03:17PM UTC

There should be more information available to you so that you can attempt to replicate this behavior manually. Have you had a look at the request and response tabs for that issue? They should provide some more information on how you can attempt to exploit it. For more information, please refer to the following page: https://portswigger.net/support/using-burp-scanner-to-test-for-dom-based-xss

Akib | Last updated: Feb 22, 2020 10:29AM UTC

Thanks for your reply. I've checked the link you shared. In that given example(in your link) javascript function "trigMMlurl" is called and parameter "menu" is passed but my javascript function is self-invoked, started with (function ($) { $(document).ready(function () { if (window.location.hash) { setTimeout(function () { $('html, body').scrollTop(0).show(); $('html, body').animate({ scrollTop: $(window.location.hash).offset().top }, 1000) }, 0); }

Hannah, PortSwigger Agent | Last updated: Feb 24, 2020 10:29AM UTC