The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Academy Lab: "Finding and exploiting an unused API endpoint" | the suggested solution throws "error: 500"

Andreas | Last updated: Mar 09, 2024 02:17PM UTC

Hi. I am not sure whether I am just doing something wrong or if the solution for the lab has not been updated. Firstly, I tried to solve the lab on my own, but after countless "internal server error" responses I tried to follow the solution. But alas, the same issue arises. The ironic part is that if I change the request method, and only the method, to a "get" request, I will get back a valid json response. How am I supposed to solve this lab if I cannot get past the content-type error, or server error?

Other issues with the solution guide:

- The guide talks about receiving an error due to empty `Body:{}` which specifies a named missing parameter "price". Though in my session I only received the "application/json" error.

My request header:

```
PATCH /api/products/1/price HTTP/2
Host: 0ab000cc0443d34180c67151000d00d3.web-security-academy.net
Cookie: session=g5EZWdzKqb3AkrMxnvSNuXcODl4ifO9D
Sec-Ch-Ua: "Chromium";v="119", "Not?A_Brand";v="24"
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept: */*
Referer: https://0ab000cc0443d34180c67151000d00d3.web-security-academy.net/product?productId=1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Body: {"price":0}
Content-Type: application/json; charset=utf-8
```

The response:

```
HTTP/2 500 Internal Server Error
Content-Length: 21

Internal Server Error
```

Same request, different method => 'GET':

```
HTTP/2 200 OK
Content-Type: application/json; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Length: 87

{"price":"$1337.00","message":"17 people have viewed this item in the last 15 minutes"}
```

Dominyque, PortSwigger Agent | Last updated: Mar 11, 2024 11:18AM UTC

Hi Andreas,

I have just attempted the lab and can confirm that it solves as expected with the written solution. Can you please try following along with this community video solution for further guidance on solving the lab? https://www.youtube.com/watch?v=UUzdFir0HFo

Andreas | Last updated: Mar 11, 2024 12:24PM UTC