Burp Suite User Forum

Web Security Academy Lab Access Error

Hi, I'm having issues accessing the Web Security Lab. When I click on the Access Lab button it shows an error. Kindly help me to resolve this issue. Thanks and Regards

Last updated: Jul 11, 2023 09:52AM UTC | 4 Agent replies | 7 Community replies | Bug Reports

Ajax request header manipulation (DOM-based) & Other DOM-based issues

Hi, I often see such DOM-based issues, for example, something like this: Issue: Ajax request header manipulation (DOM-based) Issue detail: The application may be vulnerable to DOM-based Ajax request header...

Last updated: Jul 10, 2023 11:01AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Glitch and following mouse over

Hi Burp Suite Support Team. I have a problem with Burp Suite Professional v2023.6.2 on Windows desktop: sometimes when I use Burp, the display will error, like it follows my mouse wherever I go. I don't know if it's a glitch or...

Last updated: Jul 10, 2023 07:08AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

UI is a disaster

Hi! Thank you for all that you are doing, but today I saw an updated Learning path lectures view and it is very bad! I do not have a very big screen, but now half of it is taken by the awful blue menu/context field, which...

Last updated: Jul 10, 2023 07:05AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Bug in Burp Suite Navigation Recorder

Spent three weeks trying to find out what plugin was messing up three different web sites. Microsoft Edge, with Burp Suite Navigation Recorder installed and active. The web sites do not render. They do very strange...

Last updated: Jul 07, 2023 12:51PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Chromium freeze whenever I open Dev-Tools

Hello, Burp Suite Pro v2023.6-21057. I have had this issue for some time now with older versions as well. I am using the built-in Chromium browser; everything works just fine up until I open the browser developer tools -...

Last updated: Jul 07, 2023 07:28AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

BurpSuite Enterprise Uses Log4j

Hi Support Team, I just wanted to ensure that log4j-core-2.14.1.jar installed by the Burpsuite enterprise web server is not vulnerable to RCE. I read in the forum that Burpsuite Enterprise does not consume log4J for...

Last updated: Jul 06, 2023 11:52AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Prototype Pollutions DOM Invader

Hi, I was trying to use DOM Invader to automatically find the way to solve the following exercises: Client-side prototype pollution in third-party libraries, DOM XSS via an alternative prototype pollution vector and...

Last updated: Jul 05, 2023 10:10AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Broken Lab: Visible error-based SQL injection

This lab was broken; it kept on giving the same error message: "Unterminated string literal started at position 95 in SQL SELECT * FROM tracking WHERE id = 'jUp8oNzaKr4pzj9y' AND 1 = CAST((SELECT password FROM users L'....

Last updated: Jul 05, 2023 09:16AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Section Symbols are appearing in images which breaks Intruder

Section Symbols '§' are appearing in any images (jpg, gif, png, etc.) when retrieved in GET requests or posted in POST, if sent to Intruder it corrupts the image because it strips those characters.

Last updated: Jul 05, 2023 08:58AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Section symbol issue

Hi, when I am using Intruder I have an issue with the section symbol (§). There is the same symbol in my Arabic language, which causes interference and problems in the work of Intruder. Can we change the section symbol (§) with other...

Last updated: Jul 05, 2023 08:52AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Question/bug on lab "CORS vulnerability with internal network pivot attack"

While trying to solve the mentioned lab, the retrieved HTML code from the internal website clearly states that the request for the "login" is a POST. However, the solution silently continues with a GET to trigger the XSS. If...

Last updated: Jul 05, 2023 08:28AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Solved

The post you are implying about is my solution for all the set labs and solved all problems including bug labs Apetree1001@email.phoenix.edu

Last updated: Jul 05, 2023 06:25AM UTC | 0 Agent replies | 0 Community replies | Bug Reports

2FA bypass using brute-force attack

I'm not able to solve this lab using Turbo Intruder as I'm using Burp Suite Community Edition. I also tried to check if this issue persists only with Turbo Intruder or normal Intruder, but this issue also happens with normal...

Last updated: Jul 04, 2023 10:01AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Problem with license key Enterprise Edition

Dear team, I requested a trial version of Enterprise Edition. I have received the required info and I have followed the steps on PortSwigger as well, but the moment I upload the license key it is throwing me an error -...

Last updated: Jul 04, 2023 09:47AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Invalid certificate generated

The certificate generated contains a country code of PortSwigger which does not conform to the RFC which says that the country code should have a length of 2 https://datatracker.ietf.org/doc/html/rfc3280#page-96 This...

Last updated: Jul 04, 2023 08:59AM UTC | 7 Agent replies | 7 Community replies | Bug Reports

Intruder Payload processing

If I use Payload processing: hash:MD5, on the result page I see hashed payloads. One of them is "good" but I can't see it in "raw", only hashed. Screenshot: https://i.imgur.com/X0Mxku3.png P.S. In this task I must brute-force...

Last updated: Jul 03, 2023 01:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

my burp tip Unsupported or unrecognized SSL message

Using burp embedded browsing to visit the website to prompt certificate problems

Last updated: Jul 03, 2023 09:15AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Link manipulation (DOM-based) - JQuery

Hi all, we use jquery-3.3.1.js in our application. Burp scan found Link manipulation (DOM-based) vulnerabilities in JQuery sources: 1. // Anchor tag for parsing the document origin originAnchor =...

Last updated: Jun 30, 2023 08:39AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

CSRF where token validation depends on request method and

Hi, The lab seems to have a bug in it. When I submit Store, View exploit and Deliver exploit to victim, the lab is not getting solved. Please fix. Thanks, Suresh

Last updated: Jun 30, 2023 05:45AM UTC | 1 Agent replies | 2 Community replies | Bug Reports
