Burp Suite User Forum


XSS into JavaScript

Dany | Last updated: Jan 12, 2020 07:26AM UTC

Hello, I have a question again, about the JavaScript context. "Terminating the existing script" I understood. The question came up when I went to the lab for practice, "Reflected XSS into a JavaScript string with single quote and backslash escaped". I did it well, but in the solution I saw a small thing that I didn't understand well. So we have to send a random alphanumeric string, and afterwards we see it is reflected inside a JS string. After that, and here is the question, we try to submit "test'payload" and we can observe that the single quote gets backslash-escaped. I read about escaping, what it is for, and understood it. But we can try to terminate the tag and introduce a new one without sending this payload, can't we? Why should we send this particular payload, and what does it allow us to see in terms of vulnerability search? Sorry, my English isn't very good; I hope you got what I mean. Thanks)))))))

Ben, PortSwigger Agent | Last updated: Jan 13, 2020 08:57AM UTC

Hi, this particular payload is sent in order to identify that character escaping is being used within this particular environment. You could, of course, jump straight to sending the payload that terminates the existing script tag and introduces our own, but the labs are really designed to give you experience of various different scenarios that you might face in the real world. This will allow you to adopt a methodology to follow in order to be able to identify and exploit XSS vulnerabilities in a whole range of different environments. Please let us know if you require any further information.
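An added example, not part of the forum posts or PortSwigger's code: it shows what the `test'payload` probe reveals about the encoder, and why escaping only the quote and backslash does not keep a value inside an inline script, next to an encoder that does. The function names, the `searchTerm` template and the sample inputs are constructed for illustration.

```javascript
// Weak encoder (hypothetical): escapes only backslash and single quote,
// the behaviour the probe "test'payload" makes visible in the response.
function escapeQuoteAndBackslash(value) {
  return value.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
}

// Hardened encoder (hypothetical): every UTF-16 code unit outside a small
// allow-list becomes \uXXXX, so no quote, backslash, angle bracket or line
// terminator reaches the HTML parser or the JS lexer in raw form.
function escapeForInlineJsString(value) {
  return value.replace(/[^A-Za-z0-9 ,._]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Assumed page template: the reflected value lands in a single-quoted string.
function renderPage(term, encoder) {
  return "<script>var searchTerm = '" + encoder(term) + "';</script>";
}

// The HTML tokenizer ends a script block at the first "</script" followed by
// whitespace, "/" or ">", before any JavaScript string parsing happens.
function firstScriptBody(html) {
  const start = html.indexOf('<script>') + '<script>'.length;
  const rest = html.slice(start);
  const end = rest.search(/<\/script[\s\/>]/i);
  return end < 0 ? rest : rest.slice(0, end);
}

// True when the script block the browser sees is the whole intended statement.
function survivesHtmlParsing(term, encoder) {
  const intended = "var searchTerm = '" + encoder(term) + "';";
  return firstScriptBody(renderPage(term, encoder)) === intended;
}

// Constructed inputs: the probe from the thread and a harmless tag marker.
const probe = "test'payload";
const tagMarker = 'x</script><b>';

console.log(escapeQuoteAndBackslash(probe));                          // quote is escaped
console.log(survivesHtmlParsing(probe, escapeQuoteAndBackslash));     // true
console.log(survivesHtmlParsing(tagMarker, escapeQuoteAndBackslash)); // false
console.log(survivesHtmlParsing(tagMarker, escapeForInlineJsString)); // true
```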
