Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

LAB WON'T SOLVE: DOM XSS in document.write sink using source location.search inside a select element

armon | Last updated: Jul 30, 2024 11:06AM UTC

The following lab will not solve even if the istruction are followed and the alert is spawned: DOM XSS in document.write sink using source location.search inside a select element

Dominyque, PortSwigger Agent | Last updated: Jul 30, 2024 01:55PM UTC

Hi, Which browser are you using to solve the lab? Is it the embedded browser?

armon | Last updated: Aug 02, 2024 08:10PM UTC

The same browser I have used to solve the other labs. I am not using Burpsuite only trying to directly inject the command in text (as suggested from solution), but the lab doesn't solve.

Darby | Last updated: Aug 02, 2024 11:37PM UTC

I'm experiencing the same thing. So I'm on firefox, attempted 2 solutions provided with the lab. The JavaScript is injected into the img src function correctly (double checked with the solutions) and the alert() window will not appear and the lab won't solve.

Darby | Last updated: Aug 03, 2024 12:13AM UTC

Disregard, You need to ensure you terminate the injected payload with ">" Thanks.

armon | Last updated: Aug 07, 2024 10:50PM UTC

Darby your suggestion solved the issue, so thanks for that even if I can't still understand why.

elhen | Last updated: Oct 22, 2024 12:31PM UTC

Hi, I have the same problem and I can't solve it even with the solution proposed by Darby or using Burpsuite.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.