Burp Suite User Forum

Login to post

Without Burpsuite XSS not execute

Shuvo | Last updated: Nov 25, 2019 09:05PM UTC

Hello every one, I am facing a poblem. I found a Reflected XSS and report it but they dont accept it . They said ---------------------------------------------------------------------------------------- Thank your for the report. In your reproduction steps you use burp. Could you add reproduction steps to exploit this vulnerabilitie without the use of burp? We ask this because having to trick your victim into installing a proxy like burp and getting them to capture and edit their own request is not very likely to happen. If you are not able to exploit this XSS without the use of a proxy we have to reject this report. ---------------------------------------------------------------------------------------------- Then i tryed to execute xss directly in browser but its not working. payload : ">document.writeln(‘<form width=”0" height=”0" method=”POST” action=”’+x+’adminAdvanced.do”>’); document.writeln(‘<input type=”hidden” name=”token” value=”’ + token + ‘“ />’); document.writeln(%3Cscript%3Ealert%281%29%3C%2fscript%3E‘<input type=”hidden” name=”deletebtn” value=”Delete+project” />’); document.writeln(‘</form>’); document.forms[0].submit(); when i use burpsuite the xss execute and give alert (1) but when i try to execute directly in browser its not execute. but why? Is there any solution ? Thank you

You need to Log in to post a reply. Or register here, for free.