
Scanner detects non-exploitable XSS as "Confidence: Certain"

David Jun 11, 2019 06:57PM UTC

Hi there,

Burp Scanner identified a Reflected XSS with the following payload:
"cjb0i"accesskey="x"onclick="prompt(1)"//b1jkc"

The problem is that all modern browsers send the " URL-encoded as %22, and %22 is blocked by their WAF.
This means that this XSS is not exploitable, doesn't it? Yes, I already tried double-encoding and other bypassing tricks - the problem in my opinion is that Burp sends the quote non-URL-encoded (which is not possible when you want to exploit this via a browser) and then assumes that there exists an XSS vulnerability.
Am I missing something?

Regards
David


Paul Johnston Jun 12, 2019 07:17AM UTC Support Center agent

This may be exploitable using Internet Explorer, as that doesn’t encode URL parameters.
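
For triaging a finding like the one discussed in this thread, the following added example (not part of the thread and not Burp's code) compares the raw value the scanner sent with what a WHATWG-compliant URL serializer, the specification current browsers follow and that Node's `URL` class implements, would put on the wire. The host `app.example`, the parameter name `q`, and the modelling of the WAF rule as a simple `%22` substring match are assumptions; the payload is the one quoted in the question, with the outer quotation marks treated as the post's own quoting.

```javascript
// Payload string quoted in the question (outer quotes taken as the post's quoting).
const SCANNER_PAYLOAD = 'cjb0i"accesskey="x"onclick="prompt(1)"//b1jkc';

// Assumed model of the WAF rule described in the question: reject on "%22".
const WAF_BLOCKED_TOKENS = ['%22'];

// Serialize a raw query value the way a WHATWG URL parser does.
// Host and parameter name are placeholders.
function browserSerializedValue(rawValue) {
  const url = new URL('http://app.example/?q=' + rawValue);
  return url.search.slice('?q='.length);
}

// Characters of the raw value that do not reach the wire unchanged.
function encodedCharacters(rawValue) {
  const changed = new Set();
  for (const ch of rawValue) {
    if (browserSerializedValue(ch) !== ch) changed.add(ch);
  }
  return [...changed];
}

// Summarize how the scanner's raw request differs from a browser-issued one.
function triage(rawValue, blockedTokens) {
  const onWire = browserSerializedValue(rawValue);
  const upper = onWire.toUpperCase();
  return {
    onWire,                                  // value as a browser would send it
    encoded: encodedCharacters(rawValue),    // characters that were rewritten
    survivesUnchanged: onWire === rawValue,  // true only if nothing was encoded
    blockedBy: blockedTokens.filter((t) => upper.includes(t.toUpperCase())),
  };
}

console.log(triage(SCANNER_PAYLOAD, WAF_BLOCKED_TOKENS));
```

The result covers only clients that serialize URLs per the WHATWG rules; the answer above concerns a browser that does not.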

