Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Lab "Reflected XSS into HTML context with all tags blocked except custom ones" cannot be validated

Dexiios | Last updated: Mar 21, 2024 10:04PM UTC

Hello, I'm trying to solve the lab "Reflected XSS into HTML context with all tags blocked except custom ones" with the solution provided and I also tried other solutions on the internet but when I deliver the exploit to the victim it doesn't validate the lab. When i click on "View exploit" it works and triggers the alert(document.cookie).

Ben, PortSwigger Agent | Last updated: Mar 22, 2024 11:11AM UTC

Hi, I have just run through this lab and was able to solve it using the solution provided so it does appear to be working as expected. Are you able to provide us with a screenshot of what your exploit looks like in the exploit server? If it is easier to provide this screenshot via email then please feel free to send us an email at support@portswigger.net and we can take a look from there.

Dexiios | Last updated: Mar 23, 2024 03:00PM UTC

Hi, I tested again and it seems to work, I think the lab instance I used on 21 march was broken or something because I litterally did the same thing within the exploit server like copying and pasting the solution and replace it with my lab ID.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.