Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

How to reproduce following POC of dom based open redirection Vulnerability Flagged by burp suite scan

Ahmed | Last updated: Aug 15, 2023 10:32AM UTC

Data is read from location.pathname and passed to xhr.open. The following value was injected into the source: /////hwrylpu593%27%22%60'%22/hwrylpu593/%3E%3Chwrylpu593//%3Egktz6gq8qs& The previous value reached the sink as: /////hwrylpu593'"`'"/hwrylpu593/><hwrylpu593//>gktz6gq8qs&?zqgerl0shg=zqgerl0shg%27%22`'"/zqgerl0shg/><zqgerl0shg/\>v0p1u3tf3q& The stack trace at the source was: at Object.jQyco (<anonymous>:1:109813) at Object.xiELL (<anonymous>:1:521436) at Object._0x4dc2e1 [as proxiedGetterCallback] (<anonymous>:1:537599) at get pathname [as pathname] (<anonymous>:1:236711) at https://www.tink.com/app-347fa0be076631072016.js:2:88301 The stack trace at the sink was: at Object.lbDRJ (<anonymous>:1:107180) at _0x3878e6 (<anonymous>:1:540000) at _0x485a57.<computed>._0x568136.<computed>.<computed>.<computed> [as open] (<anonymous>:1:445933) at https://www.tink.com/app-347fa0be076631072016.js:2:67217 at new Promise (<anonymous>) at d (https://www.tink.com/app-347fa0be076631072016.js:2:67165) at https://www.tink.com/app-347fa0be076631072016.js:2:75661 at async Promise.all (index 1) This was triggered by a readystatechange event. The following proof of concept was generated for this issue: https://www.tink.com/////someurl i can't reproduce it

Dominyque, PortSwigger Agent | Last updated: Aug 15, 2023 10:50AM UTC

Hi Ahmed We will respond to your email about this. Please respond there to keep the thread in one place; thank you.

You need to Log in to post a reply. Or register here, for free.