Burp Suite User Forum

Login to post

Lab: Lab not working: DOM XSS in document.write sink using source location.search inside a select element

pauliekali | Last updated: Jun 13, 2022 01:51AM UTC

This lab doesn't work. Text injected doesn't display.

Michelle, PortSwigger Agent | Last updated: Jun 13, 2022 09:29AM UTC

Thanks for your message. We've just checked the lab and the details are being displayed in the drop-down list, have you tried following along with one of the community video solutions?

pauliekali | Last updated: Jun 14, 2022 09:03PM UTC

yes, it's not working

Michelle, PortSwigger Agent | Last updated: Jun 15, 2022 09:20AM UTC

When you carry out step 2 of the solution ('Add a storeId query parameter to the URL and enter a random alphanumeric string as its value. Request this modified URL') are you seeing your random string in the drop-down list of store locations? If not, can you send us a copy of the parameter you are trying to add?

You need to Log in to post a reply. Or register here, for free.