Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

LAB: DOM XSS in document.write sink using source location.search inside a select element

Kevin | Last updated: Sep 05, 2020 04:58PM UTC

Dear, So far I'm absolutely loving the Academy labs. It really made me realize the importance of having a program like Burpsuite having your back during pentesting (i know how to use a proxy, but was not yet familiar with Repeater and Intruder). Unfortunately I'm having trouble solving this lab. I had this problem with a previous lab as well. Without any help I managed to force an alert with the domain info, but the lab-status still was "Not Solved". Then I followed a video tutorial. Again a successful alert. My lab-status still was "Not solved". Then I went to take a look in the sollutionbox which told me to: Change the URL to: product?productId=1&storeId="></select><img%20src=1%20onerror=alert(1)> Which I did. And again I received the alert box. Unfortunately the lab-status still is "Not solved". I experienced this with a previous lab as well. Am I doing something wrong here? Or am i just supposed to skip certain labs? I don't know. I deleted my cookie-cache in my browser and am using a fully updated version Firefox with a fully updated Debian machine. Are some labs just "under construction" from your side? Or am I doing something repeatedly wrong? It's just quite demotivating in the learning process to try to solve a lab by yourself, think up a successful payload without help. Realizing your lab-status is still "Not solved" and start doubting yourself. Only to find out one hour later that the actual given "solutions" leave the lab-status "Not Solved" as well. Best regards, Kevin Olivieri

Michelle, PortSwigger Agent | Last updated: Sep 07, 2020 02:08PM UTC

Hi Kevin It's great to hear that you loving the Academy. None of the labs are under construction, so it should be possible to solve them using the suggested solutions. I've just checked this one and tried out the solution you mentioned, changing the URL to product?productId=1&storeId="></select><img%20src=1%20onerror=alert(1)> This gives me an alert and the lab status changes to solved. I used Firefox for the test as well and had the Intercept turned off in Burp Proxy. Can you give it another try, it doesn't sound like you're doing anything wrong.

Daniel | Last updated: Jan 27, 2022 03:07AM UTC

Hello, I am having the same problem. I've tried the solutions after giving up on my own solution only to discover the identical problem: the lab just does not solve no matter how alerts I produce with the select input.

Michelle, PortSwigger Agent | Last updated: Jan 27, 2022 11:56AM UTC