The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


LAB Client-side prototype pollution in third-party libraries

Luca | Last updated: Apr 19, 2023 12:01AM UTC

Hi, can anybody double-check that DOM Invader is able to find a gadget for this one? I followed the solution steps and it doesn't seem to find the gadget as mentioned. Thank you

Luca | Last updated: Apr 19, 2023 12:35AM UTC

I'm also wondering why the payload works when clicking on "view exploit" in the exploit server, but not if I copy and paste it manually on the home page...

Luca | Last updated: Apr 20, 2023 08:41AM UTC

Ping... can anybody from PortSwigger check this please?

Ben, PortSwigger Agent | Last updated: Apr 20, 2023 08:47AM UTC

Hi Luca, We will take a look at this particular lab and get back to you in due course.

Ben, PortSwigger Agent | Last updated: Apr 20, 2023 04:33PM UTC

Hi Luca, I can replicate the behaviour you are seeing - we are currently investigating why this is happening. I will update this forum thread when I find out some more information.

Luca | Last updated: Apr 24, 2023 09:53PM UTC

Fortunately I have this page still open... for some reason it does not show up in a search :)

unkown | Last updated: Apr 28, 2023 10:24AM UTC

I saw this bug a week ago.

Ben, PortSwigger Agent | Last updated: May 03, 2023 12:51PM UTC

Hi all, Having discussed this with the team, we think this is a bug in DOM Invader related to some of the patches being applied to Chrome. We are going to have to work on a fix to get this resolved, so will update this forum thread when we believe it has been fixed.

Luke | Last updated: Mar 04, 2024 09:41AM UTC

Hi - just want to know what the status is for this? Can get my payload to trigger when I view the exploit, but no "Solved" when delivering to victim.

Ben, PortSwigger Agent | Last updated: Mar 04, 2024 10:53AM UTC