Burp Suite User Forum

Prototype Pollutions DOM Invader

Sara | Last updated: May 26, 2023 02:09PM UTC

Hi, I was trying to use DOM Invader to automatically find the way to solve the following exercises: Client-side prototype pollution in third-party libraries, DOM XSS via an alternative prototype pollution vector, and Client-side prototype pollution via flawed sanitization. DOM Invader correctly finds the prototype pollution vectors, but after the Scan for the Gadgets it will return anything. How can I solve this? Thank you, Sara

Ben, PortSwigger Agent | Last updated: May 29, 2023 08:11AM UTC

Hi Sara, We are aware of an issue with scanning for gadgets using DOM Invader (this is a result of Google altering some code that impacts how the scanning of gadgets was working). We do now have a fix for this issue and it is likely to be released in the 2023.5.1 version of Burp.