The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


How to reproduce the following PoC of a DOM-based open redirection vulnerability flagged by a Burp Suite scan

Ahmed | Last updated: Aug 15, 2023 10:32AM UTC

Data is read from location.pathname and passed to xhr.open.

The following value was injected into the source:
/////hwrylpu593%27%22%60'%22/hwrylpu593/%3E%3Chwrylpu593//%3Egktz6gq8qs&

The previous value reached the sink as:
/////hwrylpu593'"`'"/hwrylpu593/><hwrylpu593//>gktz6gq8qs&?zqgerl0shg=zqgerl0shg%27%22`'"/zqgerl0shg/><zqgerl0shg/\>v0p1u3tf3q&

The stack trace at the source was:
at Object.jQyco (<anonymous>:1:109813)
at Object.xiELL (<anonymous>:1:521436)
at Object._0x4dc2e1 [as proxiedGetterCallback] (<anonymous>:1:537599)
at get pathname [as pathname] (<anonymous>:1:236711)
at https://www.tink.com/app-347fa0be076631072016.js:2:88301

The stack trace at the sink was:
at Object.lbDRJ (<anonymous>:1:107180)
at _0x3878e6 (<anonymous>:1:540000)
at _0x485a57.<computed>._0x568136.<computed>.<computed>.<computed> [as open] (<anonymous>:1:445933)
at https://www.tink.com/app-347fa0be076631072016.js:2:67217
at new Promise (<anonymous>)
at d (https://www.tink.com/app-347fa0be076631072016.js:2:67165)
at https://www.tink.com/app-347fa0be076631072016.js:2:75661
at async Promise.all (index 1)

This was triggered by a readystatechange event.

The following proof of concept was generated for this issue:
https://www.tink.com/////someurl

I can't reproduce it.
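
The resolution step behind the generated proof of concept, as an added example that is not part of the original post and not code from the tink.com bundle. The post only establishes that location.pathname reaches XMLHttpRequest.open(); the straight concatenation, the "?format=json" suffix and the function names below are assumptions standing in for the minified code. Node's WHATWG URL class resolves relative URLs the same way a browser does, so the example runs offline.

```javascript
// Added example, not code from the forum post or from the tink.com bundle.
// It shows why the generated PoC (https://www.tink.com/////someurl) produces no
// visible effect: a path that starts with two or more slashes is scheme-relative,
// so when it is handed to XMLHttpRequest.open() the browser resolves it against
// the page's scheme and the request goes to a different host. Nothing navigates;
// the evidence is only in the browser's network tab or in Burp's Proxy history.

// Constructed input: the page origin taken from the scanner output.
const PAGE_URL = "https://www.tink.com/";

// Assumed vulnerable pattern. The post says "data is read from location.pathname
// and passed to xhr.open"; the "?format=json" suffix and the plain concatenation
// are hypothetical stand-ins for whatever the minified bundle really does.
function vulnerableXhrUrl(pathname) {
  return pathname + "?format=json";
}

// Resolve a relative URL the way the browser does before the XHR is sent, and
// report whether the request would leave the page's origin.
function resolvedTarget(pageUrl, relativeUrl) {
  const target = new URL(relativeUrl, pageUrl);
  const pageOrigin = new URL(pageUrl).origin;
  return {
    href: target.href,
    origin: target.origin,
    crossOrigin: target.origin !== pageOrigin,
  };
}

// Hardened pattern: resolve first, then refuse anything that is not same-origin.
// Returns null instead of a URL so the caller never reaches xhr.open().
function hardenedXhrUrl(pageUrl, pathname) {
  const target = new URL(pathname + "?format=json", pageUrl);
  if (target.origin !== new URL(pageUrl).origin) {
    return null;
  }
  return target.href;
}

// Stand-in for the sink so the flow can be traced without a browser: records
// the absolute URL that XMLHttpRequest.open() would actually be asked to fetch.
function simulateXhrOpen(pageUrl, pathname) {
  const opened = [];
  const fakeXhr = {
    open: (method, url) => opened.push({ method, url: new URL(url, pageUrl).href }),
  };
  fakeXhr.open("GET", vulnerableXhrUrl(pathname));
  return opened[0];
}

// Paths to try: the scanner's PoC, the plain "//" form, a backslash variant
// (browsers treat "\" like "/" in http(s) URLs) and a benign application path.
const SAMPLE_PATHS = ["/////someurl", "//someurl", "/\\someurl", "/accounts/123"];

for (const p of SAMPLE_PATHS) {
  const r = resolvedTarget(PAGE_URL, vulnerableXhrUrl(p));
  const verdict = r.crossOrigin ? "CROSS-ORIGIN (open redirection)" : "same-origin";
  const hardened = hardenedXhrUrl(PAGE_URL, p) ?? "blocked";
  console.log(`${p.padEnd(14)} -> ${r.href}  ${verdict}  hardened: ${hardened}`);
}
```

To see the same thing in a real browser, load the PoC URL with the developer tools network tab open (or with the browser proxied through Burp) and look for an outbound request whose host is someurl rather than www.tink.com; the request fails because that host does not resolve, which is why the page looks unaffected. The hardened function shows the check a fix would need: resolve the URL and compare its origin with the page's before calling open().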

Dominyque, PortSwigger Agent | Last updated: Aug 15, 2023 10:50AM UTC