Burp Suite User Forum


BSCP exam

Aren | Last updated: Nov 16, 2023 03:49PM UTC

Greetings. Today I participated in BSCP and failed. It may be that I couldn't get it, but I really tend to think that there was an error on the server side. After the exam I told and showed the exam to a very talented and certified Cybersecurity administrator and he also couldn't achieve it. The thing is, at stage 3, where you have to obtain the /home/carlos/secret, I found out that the only way to do that is via path traversal on the admin page. However, no matter what I tried, still no good. The photo's path was "/metrics/adminimg?imagename=1&dimensions="200x133%21"." However, if you put ANYTHING else in imagename but a number, it's forbidden. If you decide to hex it, it tells you that File not found. So the server only uses numbers and nothing more. I thought it could be SQLi but it's not. I've even tampered with dimensions but still no luck. Please, I really ask you to explain to me the problem with the machine. It would be great to have a chance to understand whether it's my fault or some technical issue. Best regards, Aren

Ben, PortSwigger Agent | Last updated: Nov 17, 2023 01:33PM UTC

Hi Aren, We can certainly double check your particular exam instance for you to confirm whether or not everything was working as expected. We will do this and update this forum thread when we have some news to share.

Ben, PortSwigger Agent | Last updated: Nov 20, 2023 11:11AM UTC

Hi Aren, Thank you for your patience whilst we investigated your exam. We are happy that your exam instance was functioning as expected and that both exam apps were indeed solvable.
