Cross-site scripting – Reflected XSS | PortSwigger Lab Note #3

target: Lab URL: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-some-svg-markup-allowed Tools Used: browser Burp suite Vulnerability Summary: Type: Reflected XSS Description...

By · · 1 min read
Cross-site scripting – Reflected XSS | PortSwigger Lab Note #3

Source: DEV Community

target: Lab URL: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-some-svg-markup-allowed Tools Used: browser Burp suite Vulnerability Summary: Type: Reflected XSS Description: Steps to Exploit: 1.Determine that this is a reflected XSS vulnerability because the input appears directly in the HTML response. 2.Submit the payload alert(1) to test whether script execution is possible. 3.Observe that the <script> tag is blocked, then use Burp Intruder to analyze the filtering mechanism 4.Observe that most payloads return a 400 response, while payloads using tags such as <svg>, <animatetransform>, <title>, and <image> return a 200 response. 5.Select one allowed tag and use Intruder to test which attributes are permitted. 6.Construct a working payload based on the allowed tags and attributes to trigger the XSS. Remediation: The application should implement proper context-aware output encoding to prevent user-supplied data from being interpret

Related Posts

Trending on ShareHub

  1. Understanding Modern JavaScript Frameworks in 2026
    by Alex Chen · Feb 12, 2026 · 0 likes
  2. The System Design Primer
    by Sarah Kim · Feb 12, 2026 · 0 likes
  3. Just shipped my first open-source project!
    by Alex Chen · Feb 12, 2026 · 0 likes
  4. OpenAI Blog
    by Sarah Kim · Feb 12, 2026 · 0 likes
  5. Building Accessible Web Applications: A Practical Guide
    by Alex Chen · Feb 12, 2026 · 0 likes
  6. Rapper Lil Poppa dead at 25, days after releasing new music
    Rapper Lil Poppa dead at 25, days after releasing new music
    by Anonymous User · Feb 19, 2026 · 0 likes
  7. write-for-us
    by Volt Raven · Mar 7, 2026 · 0 likes
  8. Before the Coffee Gets Cold: Heartfelt Story of Time Travel and Second Chances
    Before the Coffee Gets Cold: Heartfelt Story of Time Travel and Second Chances
    by Anonymous User · Feb 12, 2026 · 0 likes
    #coffee gets cold #the #time travel
  9. Best DoorDash Promo Code Reddit Finds for Top Discounts
    Best DoorDash Promo Code Reddit Finds for Top Discounts
    by Anonymous User · Feb 12, 2026 · 0 likes
    #doordash #promo #reddit
  10. Premium SEO Services That Boost Rankings & Revenue | VirtualSEO.Expert
    by Anonymous User · Feb 12, 2026 · 0 likes
  11. NBC under fire for commentary about Team USA women's hockey team
    NBC under fire for commentary about Team USA women's hockey team
    by Anonymous User · Feb 18, 2026 · 0 likes
  12. Where to Watch The Nanny: Streaming and Online Viewing Options
    Where to Watch The Nanny: Streaming and Online Viewing Options
    by Anonymous User · Feb 12, 2026 · 0 likes
    #streaming #the nanny #where
  13. How Much Is Kindle Unlimited? Subscription Cost and Plan Details
    How Much Is Kindle Unlimited? Subscription Cost and Plan Details
    by Anonymous User · Feb 12, 2026 · 0 likes
    #kindle unlimited #subscription #unlimited
  14. Russian skater facing backlash for comment about Amber Glenn
    Russian skater facing backlash for comment about Amber Glenn
    by Anonymous User · Feb 18, 2026 · 0 likes
  15. Google News
    Google News
    by Anonymous User · Feb 18, 2026 · 0 likes

Latest on ShareHub

Browse Topics

#artificial intelligence (31568)#data science (24018)#ai (17133)#generative ai (15034)#crypto (15004)#machine learning (14681)#bitcoin (14252)#featured (13563)#news & insights (13064)#crypto news (11089)

Around the Network