Burp Suite User Forum

Create new post

Lab: DOM XSS in sink using source document.writelocation.search APPRENTICE LAB Solved

Michele | Last updated: Jul 01, 2023 02:57PM UTC

link:https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink solution: "><svg onload=alert(1)> why this solution does not work? my solution: "><img onload=alert(1)>

Dominyque, PortSwigger Agent | Last updated: Jul 03, 2023 12:42PM UTC

Hi Michele As stated by step 3 in the lab, we are attempting to break out of the img attribute. This thread might give a good explanation as to why 'svg' is needed over the 'img': https://security.stackexchange.com/questions/258384/can-xss-ever-occur-in-an-img-tags-src-attribute

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.