Burp Suite User Forum

Login to post

Lab: Stored XSS into onclick event with angle brackets and double HTML

Cyn | Last updated: Aug 02, 2019 06:44PM UTC

Hi! I've done the exercise https://portswigger.net/web-security/cross-site-scripting/contexts/lab-onclick-event-angle-brackets-double-quotes-html-encoded-single-quotes-backslash-escaped but it was not marked as resolved... Also, I've made all the steps described in the "Solution" tab and it follow shown as not solved ... Can you help me? P.S: Sorry for my english

Burp User | Last updated: Aug 04, 2019 12:37PM UTC

Same problem here. I completed the lab but it is still labeled "Not solved". Thank you

Liam, PortSwigger Agent | Last updated: Aug 05, 2019 08:53AM UTC

Thanks for this report. We've confirmed this is broken and we'll get it fixed. In the meantime there is another solution that will solve the lab.

Nir | Last updated: Mar 15, 2020 12:45PM UTC

Still broken. I tried another solution and nothing happened (alert box popped when I clicked the author name)

Ben, PortSwigger Agent | Last updated: Mar 16, 2020 10:52AM UTC

Hi, I have just successfully solved this lab using the solution provided. Are you able to provide us with some details of the steps that you used to try and solve the lab?

bir | Last updated: Mar 16, 2020 08:37PM UTC

Hey, same here. I use : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0 for: https://portswigger.net/web-security/web-cache-poisoning/exploiting/lab-web-cache-poisoning-with-an-unkeyed-header and: I cleared my local cache there are couple of solutions for this exercise and all show NOT solved even though I do the one described in "Solution" I do see alert window, when I hit the product endpoint. So it definitely comes from exploit server. There is no data in alert. In console document.cookie as well shows ""

bir | Last updated: Mar 16, 2020 09:09PM UTC

For me the issue is for all labs

Ben, PortSwigger Agent | Last updated: Mar 17, 2020 09:21AM UTC

Hi, To confirm, you are having issues with the Web cache poisoning with an unkeyed header lab and not the Stored XSS into onclick event with angle brackets and double HTML lab that this forum post is about? In any case, i have just followed the solution provided for that particular lab and was able to successfully solve it. Are you able to provide some details of the steps that you are carrying out so that we can offer some guidance?

bir | Last updated: Mar 19, 2020 10:09PM UTC

Hey, yes you are right, the issue was on web cache. Problem was similar so I posted it here. The problem is that I (and maybe others too) misunderstood rules. I was caching data on server and with success getting xss payload with alert() on client. But not on the root page / . When I hit the / I got lab solved. So technically in 'real' case it would be vulnerability but here accepted is when solved on / - which make sense because this page is visited more frequently by users so issue has higher impact. Thanks

Kevin | Last updated: Sep 04, 2020 07:27PM UTC

Is this lab still broken? (Lab: Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped) I manage to get the alert to pop up etc, but the lab still shows Not Solved. I have followed multiple solutions all. All successfully showing alert prompts when i onclick on my Username. What am i doing wrong here? Using the newest version of Firefox with a fully updated Burpsuite Pro.

Ben, PortSwigger Agent | Last updated: Sep 07, 2020 01:54PM UTC

Hi Kevin, I have just tried this lab, alongside the solution provided, and it is solving successfully for me - how are you providing the final payload? In addition, have you watched the following video for this lab: https://www.youtube.com/watch?v=jJQknnwGaRg

You need to Log in to post a reply. Or register here, for free.