Burp community forum

Scanner detects non-exploitable xss as "Confidence: Certain"

David | Last updated: Jun 11, 2019 06:57PM UTC

Hi there, Burp Scanner identified a Reflected XSS with the following payload: "cjb0i"accesskey="x"onclick="prompt(1)"//b1jkc" The problem is, that all modern browsers sent the " URL encoded as %22 and %22 is blocked by their WAF. This means, that this XSS is not exploitable, isn't it? Yes, I already tried double-encoding and other bypassing tricks - the problem in my opinion is, that Burp sends the quote non-URL encoded (which is not possible when you want to exploit this via a browser) and then assumes, that there exists an XSS vulnerability. Am I missing something? Regards David

PortSwigger Agent | Last updated: Jun 12, 2019 07:15AM UTC

This may be exploitable using Internet Explorer, as that doesn't encode URL parameters.

You need to Log in to post a reply. Or register here, for free.