Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" lab

hack3rph0en1x | Last updated: Nov 29, 2023 08:56PM UTC

I hope this message finds you well. I wanted to bring to your attention an issue I encountered while working on the "Reflected XSS protected by very strict CSP, with dangling markup attack" lab. It seems that due to a recent update to Chromium, the lab is no longer functioning as expected. The specific challenge I'm facing is related to the strict CSP (Content Security Policy) implemented in the lab environment, which is now being bypassed due to a dangling markup attack. This issue seems to be a result of the recent Chromium update, which has introduced changes to the way CSP is enforced. I have attempted to find a workaround for this issue, but so far have been unsuccessful. I believe that the lab may need to be updated to account for the changes in Chromium and ensure that the intended security measures are still effective. I wanted to reach out to see if there are any plans to address this issue, or if there are any alternative approaches I could take to complete the lab under the current circumstances. Any guidance or updates on this matter would be greatly appreciated. Thank you for your attention to this matter. I look forward to your response.

Ben, PortSwigger Agent | Last updated: Nov 30, 2023 10:42AM UTC

Hi, You are correct, some recent Chrome updates have broken the current solution for this lab. We believe that we have another way of solving the lab but are currently running a little competition to see if any other users can also figure this out: https://twitter.com/portswiggerres/status/1726605124443750893?s=46 We will update the official solution in due course.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.