Burp Suite User Forum


Need clarification in Exploiting XSS using script tags

Madhumathi | Last updated: Aug 26, 2021 07:28AM UTC

I'm a beginner. I tried to create a proof of concept using <script>alert(1)</script> in Repeater and viewed the same in the browser, where the alert box didn't appear, but the script tag was present in the search box I was testing. Does this mean it is vulnerable or not? Kindly clarify.

Uthman, PortSwigger Agent | Last updated: Aug 26, 2021 08:18AM UTC

Hi Madhumathi,

You can find some helpful resources on XSS below:

- https://portswigger.net/web-security/cross-site-scripting
- https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

Please give these a read and you should be able to understand the issue a lot better. A lot of applications and modern browsers have some type of XSS protection in place (i.e. sanitizing code in input fields to ensure that certain characters are encoded).
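As an added illustration of the encoding point above (example code written for this thread, not PortSwigger's or the poster's), the hypothetical search page below is rendered once without and once with output encoding. In both cases the browser displays the probe as text inside the search box, because an input's value attribute is entity-decoded for display; only the raw reflection hands markup to the HTML parser. The `classify_reflection` helper is a triage check for response bodies and is an assumption, not a Burp feature.

```python
import html
import re

# Constructed probe, the same string used in the question above.
PROBE = "<script>alert(1)</script>"


def render_unsafe(term: str) -> str:
    """Hypothetical search page that echoes the term unencoded (vulnerable)."""
    return f'<input name="q" value="{term}"><p>Results for {term}</p>'


def render_safe(term: str) -> str:
    """Same page with contextual output encoding applied (mitigated)."""
    safe = html.escape(term, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


def input_box_shows(body: str) -> str:
    """Text a browser would display inside the search box: the decoded value attribute."""
    m = re.search(r'<input name="q" value="([^"]*)"', body)
    return html.unescape(m.group(1)) if m else ""


def classify_reflection(body: str, probe: str) -> str:
    """Triage helper: tell an executable reflection apart from an encoded one.

    'raw'     - probe reaches the parser byte-for-byte: markup context, needs fixing
    'encoded' - special characters were entity-encoded: rendered as text only
    'absent'  - probe not reflected at all
    """
    if probe in body:
        return "raw"
    if html.escape(probe, quote=True) in body:
        return "encoded"
    return "absent"


if __name__ == "__main__":
    for label, page in (("unsafe", render_unsafe(PROBE)), ("safe", render_safe(PROBE))):
        # Both print the same visible box text; only the classification differs.
        print(label, repr(input_box_shows(page)), classify_reflection(page, PROBE))
```

Seeing the probe in the search box therefore proves only that the input was reflected; the decisive question is whether it was reflected raw or encoded, which is what Burp's response view (with "Show non-printable characters" or a search for `&lt;`) answers.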

Madhumathi | Last updated: Aug 26, 2021 10:53AM UTC

Hi, thank you for your quick response. I checked both resources and tried with <body onbeforeprint=console.log(1)> instead of <script>alert(1)</script>. In Burp Repeater, when the request was sent without the payload, the given input was found in 10 locations in the response. When I tried with the above print payload it resulted in 15 positions, and when I copied and pasted the URL to get a proof of concept, the print didn't appear on the screen; instead the page was redirected to another menu in the same application. I tried to figure out whether this is vulnerable or not, but couldn't get a clear idea. Kindly clarify this. Does redirection during an XSS exploit mean the web application is vulnerable?

Madhumathi | Last updated: Aug 30, 2021 05:58AM UTC

Hi Team, kindly let me know whether redirection to another page of the same web application is a result of a vulnerability. Kindly explain. Looking forward to getting an answer. Thanks in advance!

Uthman, PortSwigger Agent | Last updated: Aug 31, 2021 12:19PM UTC

Hi Madhumathi,

Our technical support service is provided to assist you with any queries/issues with our products. If the XSS is being reported by the scanner, you can look at the Request section on the reported issue > Right-click > Request in browser > In original session. This should trigger the alert if you are using an XSS payload.

If you are asking whether your XSS payload can be triggered in a redirect URL, it does look like this is possible:

- https://hackerone.com/reports/316319

You will need to do some more research into the issue because we do not offer consulting services, unfortunately. This post will remain on the forum so that a member of the community can chime in too.
