Burp Suite User Forum

CSRF Labs are buggy not working

M | Last updated: Feb 08, 2023 12:32PM UTC

Currently I'm trying to solve the CSRF labs. However, it seems that these are not working properly; it seems that the system doesn't work when you "deliver exploit to user". I know for a fact that the CSRF payload is working: when I use the option "view exploit", the e-mail address of the user Peter Wiener gets updated. So it is not the payload that isn't working. Things I tried: a different form payload; the community solution; the BurpSuite-provided solution. No matter what I do, the lab doesn't see any solution as the proper solution.

nate | Last updated: Feb 08, 2023 02:21PM UTC

Same issue - definitely works for me but when delivering to client the client IP is never logged

Ben, PortSwigger Agent | Last updated: Feb 09, 2023 09:34AM UTC

Hi both, Just to clarify, you are having issues solving all of the labs in the CSRF topic or just certain ones? Are we able to drill down into a specific lab and get some details of how you are trying to solve it so that we can take a look at this for you?

Eragon | Last updated: Feb 09, 2023 12:05PM UTC

As in the lab, we can exploit the redirect_uri vulnerability by using the exploit server. I was wondering if you could help me understand how someone could exploit the redirect URI vulnerability in OAuth without knowing a valid client ID. From what I understand, the client ID acts as an identifier for the OAuth client, and without it, the authorization server will not proceed with the authorization flow. And in the lab, we are able to get the auth code from the admin without knowing his client_id? Can you explain this further, and is there a way to exploit the redirect URI without a valid client ID?

Ben, PortSwigger Agent | Last updated: Feb 10, 2023 08:17AM UTC

Hi Eragon, Thanks for your query. Unfortunately, we are unable to provide personal support or tutoring to Academy users, as we prefer to improve the experience for our entire userbase by focussing on expanding and refining our public content. We will leave your post up on the forum in case a member of the community wants to reply.

Kartik | Last updated: Feb 26, 2023 03:24AM UTC

Same issue. All CSRF labs are not working.

Ben, PortSwigger Agent | Last updated: Feb 27, 2023 05:35PM UTC

Hi Kartik, Are you able to provide us with some details of what steps you are carrying out to try and solve one of the labs so that we can take a look at this for you?
