Burp Suite User Forum

Create new post

Academy Lab Feedback: Exploiting NoSQL operator injection to bypass authentication

R | Last updated: Jul 09, 2024 06:26AM UTC

Hi, I was working on this lab, and found the description mis-leading. It suggested that I needed to login as the user called "administrator" to solve the lab, whereas the actual user required was not called "administrator" (but another username that started with "admin...").

Ben, PortSwigger Agent | Last updated: Jul 09, 2024 07:46AM UTC

Hi, Let me discuss this with the team - I believe we are referring to the 'administrator' user as the general user that has administrative privileges rather than this user being definitively called this within the lab but I can see why this might be slightly misleading.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.