Burp Suite User Forum

Create new post

Obfuscating attacks using encodings href example

jne | Last updated: Sep 08, 2023 10:11AM UTC

Hello! Just a quick question. Is the example `<a href="javascript\u{0000000003a}alert(1)">Click me</a>` up to date here: https://portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings#obfuscation-via-unicode-escaping? Can't seem to get it to work with Firefox nor Chrome. Thanks!

Michelle, PortSwigger Agent | Last updated: Sep 08, 2023 01:13PM UTC

Thanks for getting in touch to let us know about this. This is a typo. It should be something like: <a href="javascript:\u{00000000061}lert(1)">Click me</a> We'll let the team know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.