Burp Suite User Forum


Wrong URL path is used in Reflected XSS vulnerability description

Ramesh | Last updated: Apr 01, 2021 03:47AM UTC

Initially, the below URL is used as the vulnerable application URL path:

https://insecure-website.com/search?term=gift

And to show how it is vulnerable, the URL path got changed as below:

https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>

It should be like:

https://insecure-website.com/search?term=<script>/*+Bad+stuff+here...+*/</script>

Ben, PortSwigger Agent | Last updated: Apr 01, 2021 08:01AM UTC

Hi Ramesh,

Thank you for letting us know.

We will get this changed so that the URL parameter is consistent throughout the text on this particular page.
