Burp Suite User Forum

Certification

MiX_FiX | Last updated: Mar 31, 2023 04:13PM UTC

Hello, I have been working on Burp Suite certification (2/3 or 3/3). I have encountered a File Path Traversal and have tried various solutions, including different payloads, obfuscation, encoding in various ways, and even tried using the 403bypasser tool, PayloadsAllTheThings, HackTricks, but it always returned a 403 error. One of the payloads I tried was "GET /admincontrols/metrics/admin-image?file_name=/blog/posts/../posts/31.jpg&imagesize=%22200x133%21%22" which resulted in a 403 error, while "/blog/posts/31.jpg" returned a 200 status code. I have attempted to use every payload listed in the Burp Suite Intruder (which includes 2200 payloads or 879 payloads), but all of them returned a 403 error. I have a copy of the project available if you need it. By the way, my exam is still in progress (20 minutes have passed since I finished my exam).

MiX_FiX | Last updated: Apr 02, 2023 01:54PM UTC

My exam is still in progress, by the way…

Michelle, PortSwigger Agent | Last updated: Apr 03, 2023 08:25AM UTC

Hi, thanks for getting in touch. We've received your email and will look into this for you. If we need any additional information, we'll let you know.

Patrick | Last updated: Apr 03, 2023 12:40PM UTC

Dear Michelle, I encountered the same thing and would like to find out if this was the way the exam was intended.

Michelle, PortSwigger Agent | Last updated: Apr 03, 2023 01:10PM UTC

Hi, can you send an email to support@portswigger.net with a few more details? Have you had issues with the exam still showing as 'In progress' or did you encounter specific problems with one of the applications?

Anton | Last updated: Apr 06, 2023 03:04PM UTC

Hi, I have the same problem...

Michelle, PortSwigger Agent | Last updated: Apr 06, 2023 03:09PM UTC

Hi, thanks for getting in touch. When we investigated the other exam attempts in this thread, we found the exam applications were functioning as expected. The issue with the exam status showing incorrectly in PortSwigger accounts was unrelated. Can you send an email to support@portswigger.net with details of the email address linked to your exam attempt and any issues you have encountered during your exam, and we can take a closer look for you?
