PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

Update CVE-2023-24488 - Avoid false positives #80

Closed whoissecure closed 11 months ago

whoissecure commented 11 months ago

This will avoid false positives due to the fact that some 404 status pages return the introduced parameter encoding the "<" and ">" characters, but not the ".", so "document.cookie" appears but the rest of the payload is as introduced, "%3Cscript%3Ealert(document.cookie)%3C/script%3e". The payload should match fully in a positive case.
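The false-positive case the PR describes, as an added example that is not part of the repository's BCheck and not the PR author's code: a loose check that only looks for `document.cookie` fires on a 404 page that reflects the parameter with `<` and `>` still encoded, while a strict check that requires the whole decoded payload does not. The response bodies below are constructed for illustration; the payload string is the one quoted in the PR description.

```python
import html
from urllib.parse import unquote

# Payload quoted in the PR description, in the URL-encoded form it is sent.
PAYLOAD_ENCODED = "%3Cscript%3Ealert(document.cookie)%3C/script%3e"
# What a vulnerable target reflects: the payload decoded into live markup.
PAYLOAD_DECODED = unquote(PAYLOAD_ENCODED)

# Constructed sample responses (not captured from any real host).
SAMPLE_RESPONSES = {
    # Parameter reflected verbatim after decoding: a real reflected XSS.
    "vulnerable": (
        "<html><body>Page not found: "
        + PAYLOAD_DECODED
        + "</body></html>"
    ),
    # The case from the PR: the server echoes the parameter but leaves
    # %3C / %3E as sent, so "document.cookie" is present but no tag is.
    "404_url_encoded": (
        "<html><body>404 - no route for " + PAYLOAD_ENCODED + "</body></html>"
    ),
    # Same idea with HTML entity encoding of < and >: still not exploitable.
    "404_html_encoded": (
        "<html><body>404 - no route for "
        + html.escape(PAYLOAD_DECODED)
        + "</body></html>"
    ),
    # Generic 404 that does not reflect the parameter at all.
    "404_plain": "<html><body>404 Not Found</body></html>",
}


def reflects_fragment(body: str) -> bool:
    """Loose check: fires whenever the fragment 'document.cookie' is echoed.

    This is the behaviour the PR replaces; it cannot tell a sanitised
    reflection from an unsanitised one.
    """
    return "document.cookie" in body


def reflects_full_payload(body: str) -> bool:
    """Strict check: the entire decoded payload must appear verbatim.

    If the server encoded '<' or '>' (URL- or HTML-encoded), the decoded
    script tag is not present and the check does not fire.
    """
    return PAYLOAD_DECODED in body


def is_false_positive(body: str) -> bool:
    """True when the loose check would report XSS but the strict one would not."""
    return reflects_fragment(body) and not reflects_full_payload(body)


def verdicts(check) -> dict:
    """Run one check function over every constructed response body."""
    return {name: check(body) for name, body in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    print("decoded payload:", PAYLOAD_DECODED)
    for name, body in SAMPLE_RESPONSES.items():
        print(
            f"{name:18s} fragment={reflects_fragment(body)!s:5s} "
            f"full={reflects_full_payload(body)!s:5s} "
            f"false_positive={is_false_positive(body)}"
        )
```

Only the `vulnerable` body satisfies the strict check; both encoded 404 bodies trip the loose check and are flagged as false positives, which is the condition the PR removes by matching the full payload.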

michael-eaton-portswigger commented 5 months ago

@whoissecure As a contributor to our GitHub repository, we would like to invite you to our closed Discord community.

It is a place where passionate Burp users, including people who directly work on building and developing Burp here at PortSwigger, can talk about the tooling and web security in general.

If you would like to join, please email us at support@portswigger.net and we will send over an invite link.

Thank you!