Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Lab: DOM XSS in jQuery selector sink using a hashchange event

Marcel | Last updated: Jul 17, 2024 12:12PM UTC

Hello! I managed to trigger the XSS payload on the exploit server but the lab is not marked as solved. I used this payload for the response body on the exploit server: <iframe src="https://0a4d004f04d306e581229389005f0045.web-security-academy.net/#" onload="this.src+='<img src=a onerror=print()>'"></iframe> When I visit the exploit URL, https://exploit-0a9700be0411064d81ae923f01cf00b4.exploit-server.net/exploit, the iframe is displayed and the XSS is triggered - print function is executing in repetition. I stored the exploit and delivered it to the victim. Access log also shows that the victim did in fact visit the exploit URL. However, the lab is not marked as solved. I even tried copying the exact string payload from the lab solution and observed the same behaviour. Thank you!

Ben, PortSwigger Agent | Last updated: Jul 18, 2024 07:24AM UTC

Hi Marcel, I have just run through this lab using the written solution in conjunction with the Firefox browser and been able to solve it so it does appear to be working as expected. Which browser are you using when you attempt this lab?

Marcel | Last updated: Jul 18, 2024 07:53AM UTC

I used the built-in Chromium browser. I tried it again now using Firefox and it indeed is working as expected so the lab is now solved. Thank you for your assistance!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.