Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

LAB: DOM XSS in document.write sink using source location.search inside a select element

Kevin | Last updated: Sep 05, 2020 04:58PM UTC

Dear, So far I'm absolutely loving the Academy labs. It really made me realize the importance of having a program like Burpsuite having your back during pentesting (i know how to use a proxy, but was not yet familiar with Repeater and Intruder). Unfortunately I'm having trouble solving this lab. I had this problem with a previous lab as well. Without any help I managed to force an alert with the domain info, but the lab-status still was "Not Solved". Then I followed a video tutorial. Again a successful alert. My lab-status still was "Not solved". Then I went to take a look in the sollutionbox which told me to: Change the URL to: product?productId=1&storeId="></select><img%20src=1%20onerror=alert(1)> Which I did. And again I received the alert box. Unfortunately the lab-status still is "Not solved". I experienced this with a previous lab as well. Am I doing something wrong here? Or am i just supposed to skip certain labs? I don't know. I deleted my cookie-cache in my browser and am using a fully updated version Firefox with a fully updated Debian machine. Are some labs just "under construction" from your side? Or am I doing something repeatedly wrong? It's just quite demotivating in the learning process to try to solve a lab by yourself, think up a successful payload without help. Realizing your lab-status is still "Not solved" and start doubting yourself. Only to find out one hour later that the actual given "solutions" leave the lab-status "Not Solved" as well. Best regards, Kevin Olivieri

Michelle, PortSwigger Agent | Last updated: Sep 07, 2020 02:08PM UTC

Hi Kevin It's great to hear that you loving the Academy. None of the labs are under construction, so it should be possible to solve them using the suggested solutions. I've just checked this one and tried out the solution you mentioned, changing the URL to product?productId=1&storeId="></select><img%20src=1%20onerror=alert(1)> This gives me an alert and the lab status changes to solved. I used Firefox for the test as well and had the Intercept turned off in Burp Proxy. Can you give it another try, it doesn't sound like you're doing anything wrong.

Daniel | Last updated: Jan 27, 2022 03:07AM UTC

Hello, I am having the same problem. I've tried the solutions after giving up on my own solution only to discover the identical problem: the lab just does not solve no matter how alerts I produce with the select input.

Michelle, PortSwigger Agent | Last updated: Jan 27, 2022 11:56AM UTC

Thanks for getting in touch. We've just tested this using both Firefox and Burp's embedded browser and have been able to solve it successfully. If you're still having issues can you email a screen recording of the steps you're taking to support@portswigger.net, please?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.