Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

LAB WON'T SOLVE: DOM XSS in document.write sink using source location.search inside a select element

armon | Last updated: Jul 30, 2024 11:06AM UTC

The following lab will not solve even if the istruction are followed and the alert is spawned: DOM XSS in document.write sink using source location.search inside a select element

Dominyque, PortSwigger Agent | Last updated: Jul 30, 2024 01:55PM UTC

Hi, Which browser are you using to solve the lab? Is it the embedded browser?

armon | Last updated: Aug 02, 2024 08:10PM UTC

The same browser I have used to solve the other labs. I am not using Burpsuite only trying to directly inject the command in text (as suggested from solution), but the lab doesn't solve.

Darby | Last updated: Aug 02, 2024 11:37PM UTC

I'm experiencing the same thing. So I'm on firefox, attempted 2 solutions provided with the lab. The JavaScript is injected into the img src function correctly (double checked with the solutions) and the alert() window will not appear and the lab won't solve.

Darby | Last updated: Aug 03, 2024 12:13AM UTC

Disregard, You need to ensure you terminate the injected payload with ">" Thanks.

armon | Last updated: Aug 07, 2024 10:50PM UTC

Darby your suggestion solved the issue, so thanks for that even if I can't still understand why.

elhen | Last updated: Oct 22, 2024 12:31PM UTC

Hi, I have the same problem and I can't solve it even with the solution proposed by Darby or using Burpsuite.

Ben, PortSwigger Agent | Last updated: Oct 23, 2024 07:05AM UTC

Hi, I have just tried this lab and it appears to be working - have you tried this across multiple lab instances (so if you let your existing lab instance expire and then relaunch the lab so that you receive a lab with a different URL)?

elhen | Last updated: Oct 28, 2024 03:25PM UTC