Burp Suite User Forum


Reflected XSS into HTML context with most tags and attributes blocked

Chinmay | Last updated: Oct 11, 2021 11:58AM UTC

Hello Team, I am not able to understand why we are replacing the body tag with this input: <body%20=1>

Michelle, PortSwigger Agent | Last updated: Oct 12, 2021 02:52PM UTC

Thanks for your message. In step 8 of the solution, you have identified that the body payload generates a different response to the other payloads you tested using Intruder. The next step, where you replace your search term with <body%20=1>, is in preparation for the next Intruder attack, where you are copying the events from the XSS cheat sheet for a second Intruder attack. The value of the search term will then look like <body%20§§=1> and the different payloads copied from the XSS cheat sheet will be added in, so the individual tests will include things like <body%20onactivate=1> and <body%20onafterprint=1>. I hope this helps and you're enjoying the labs!
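
The marker expansion described in the reply above, as an added example that is not part of the forum posts or PortSwigger's code. It generalizes to several § positions (Sniper-style, one position at a time) and then checks the generated inputs against a blocklist; the blocklist, the sample event names beyond the two quoted above, and all function names are constructed assumptions.

```python
import re

MARKER = "\u00a7"  # the section sign Intruder uses to delimit a payload position

def sniper_expand(template, payloads):
    """Expand a marked template one position at a time.

    Text between a marker pair is that position's base value; while one
    position receives payloads, every other position keeps its base value.
    """
    parts = template.split(MARKER)
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced payload markers")
    results = []
    # Odd indexes of `parts` are the base values between marker pairs.
    for pos in range(1, len(parts), 2):
        for payload in payloads:
            candidate = parts.copy()
            candidate[pos] = payload
            results.append("".join(candidate))
    return results

# Constructed blocklist standing in for the filter being reviewed (assumption).
BLOCKED_ATTRS = {"onload", "onerror", "onclick", "onactivate"}

def attrs_missed_by_blocklist(inputs, blocked=BLOCKED_ATTRS):
    """Return the attribute names in the generated inputs the blocklist does not cover."""
    missed = []
    for value in inputs:
        match = re.search(r"%20(\w+)=", value)
        if match and match.group(1).lower() not in blocked:
            missed.append(match.group(1))
    return missed

if __name__ == "__main__":
    # Constructed sample: two events from the reply plus two more for illustration.
    events = ["onactivate", "onafterprint", "onbeforeprint", "onload"]
    generated = sniper_expand("<body%20" + MARKER + MARKER + "=1>", events)
    for line in generated:
        print(line)
    print("not covered by blocklist:", attrs_missed_by_blocklist(generated))
```

An empty marker pair, as in <body%20§§=1>, simply means the position has no base value, so each generated input is the template with one event name dropped in before "=1".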
