Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab: Reflected XSS protected by CSP, with dangling markup attackected by CSP, with dangling markup attack

montanio | Last updated: Sep 02, 2020 04:43PM UTC

Hi As the solution indicate: ``` Examine the change email function. Observe that there is an XSS vulnerability in the email parameter. ``` Is there any explanation on how we get that? Thanks.

Uthman, PortSwigger Agent | Last updated: Sep 03, 2020 11:42AM UTC

Hi Montanio, You are supposed to verify the presence of an XSS vulnerability in the email parameter through experimentation.

almokhtar | Last updated: Jul 13, 2021 10:37AM UTC

the input filter all Texts and examined for Email addresses could you please provide us an example for an Examining which you think that ensure that Email Input field is vulnerable to XXE ?

almokhtar | Last updated: Jul 13, 2021 10:40AM UTC

and please could you explain why the lab is solved and the email address has been not changed (see the video for the Community solution. thanx

Ben, PortSwigger Agent | Last updated: Jul 13, 2021 06:23PM UTC

Hi, If you are struggling with this particular lab, have you read the background material below: https://portswigger.net/web-security/cross-site-scripting/dangling-markup https://portswigger.net/web-security/cross-site-scripting/content-security-policy

Lei-Hyun | Last updated: Aug 26, 2021 06:03PM UTC

I also have a similar question. The solution mentions that "Examine the "Update email" function. Observe that there is an XSS vulnerability in the email parameter." From where should we understand that /my-account receives an email parameter? I found no mention of it anywhere.

Ben, PortSwigger Agent | Last updated: Aug 27, 2021 09:56AM UTC

Hi, Have you examined the requests that are sent when you interact with the 'Update email' functionality?

Lei-Hyun | Last updated: Aug 27, 2021 12:19PM UTC

Yes. And they are even at different addresses. The email parameter is for /my-account but update email functionality is at /my-account/change-email

Ben, PortSwigger Agent | Last updated: Aug 31, 2021 10:27AM UTC