The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


BSCP exam

Aren | Last updated: Nov 16, 2023 03:49PM UTC

Greetings.

Today I participated in the BSCP and failed. It may be that I couldn't get it, but I really tend to think that there was an error on the server side. After the exam I told and showed the exam to a very talented and certified Cybersecurity administrator and he also couldn't achieve it.

The thing is, at stage 3, where you have to obtain the /home/carlos/secret, I found out that the only way to do that is via path traversal on the admin page. However, no matter what I tried, still no good. The photo's path was "/metrics/adminimg?imagename=1&dimensions="200x133%21"." However, if you put ANYTHING else in imagename but a number, it's forbidden. If you decide to hex it, it tells you that File not found. So the server only uses numbers and nothing more. I thought it could be SQLi but it's not. I've even tampered with dimensions but still no luck.

Please, I really ask you to explain to me the problem with the machine. It would be great to have a chance to understand whether it's my fault or some technical issue.

Best regards,
Aren

Ben, PortSwigger Agent | Last updated: Nov 17, 2023 01:33PM UTC

Hi Aren,

We can certainly double check your particular exam instance for you to confirm whether or not everything was working as expected. We will do this and update this forum thread when we have some news to share.

Ben, PortSwigger Agent | Last updated: Nov 20, 2023 11:11AM UTC