Burp Suite User Forum


Authentication bypass via encryption oracle

kairosdev | Last updated: Jan 10, 2022 06:33PM UTC

I'm stuck on "Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used" according to the PortSwigger solution. I've tried several times and I always got an "HTTP/1.1 200 OK" response. I've already deleted the 23 hex bytes but I can't get the error.

Michelle, PortSwigger Agent | Last updated: Jan 11, 2022 08:38AM UTC

Thanks for getting in touch. We've been able to replicate your issue and we're currently looking into this. We'll be in touch with an update soon.

Bin | Last updated: Jan 16, 2022 08:09PM UTC

I am getting the same issue. It refers to: Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used and that the input length must be a multiple of 16. You need to pad the "Invalid email address: " prefix with enough bytes so that the number of bytes you will remove is a multiple of 16. Let us know when you have resolved the issue. This is the last step in the lab. Thanks

Michelle, PortSwigger Agent | Last updated: Jan 17, 2022 08:28AM UTC

Thanks for getting in touch to raise this with us. We are aware of this error and we are working on a fix for it. We'll post back here when the fix is released.

Michelle, PortSwigger Agent | Last updated: Jan 28, 2022 11:01AM UTC

Hi both. We have fixed the issues in this lab, so you should now see the error message mentioned in step 9.

kairosdev | Last updated: Feb 07, 2022 08:39PM UTC

Thanks. Now it works fine.
