Burp community forum

CSRF exercise

rob_stack_attack | Last updated: Aug 02, 2019 12:27AM UTC

I am trying to solve the CSRF exercise/tutorial. I'm new to burp/port swigger. Here is a link to the exercise: https://portswigger.net/web-security/csrf/lab-no-defenses The solution I came up with is this: <form method="$POST" action="https://acfd1fc01ec27f6f80b26b810015001d.web-security-academy.net/email"> <input type="hidden" name="$email" value="$badEmail@bad.com"> </form> <script> document.forms[0].submit(); </script> After checking to see if it works I am brought back to the fake change email page and I can see the values changed/represented in the URL but the icon that says "unsolved" doesn't change to "solved". Does anyone know what I'm doing wrong?

Liam, PortSwigger Agent | Last updated: Aug 02, 2019 12:55PM UTC

Have you followed the steps in the solution?

Burp User | Last updated: Aug 02, 2019 03:51PM UTC

Yes I have. The steps can be seen in the solution but it's possible I misread something. Keep in mind I am using the community edition but there is nothing in the solution directly for that. The solution simply gives the template and says to fill in the info which I did.

Liam, PortSwigger Agent | Last updated: Aug 05, 2019 10:19AM UTC

We've tested the solution and it works for us.

You need to Log in to post a reply. Or register here, for free.