The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


CSRF PoC Doesn't work in PortSwigger's Labs.

Ab | Last updated: Jan 23, 2023 11:41AM UTC

Hi, I've done some labs in the Academy and some are easy to understand and solve. However, the CSRF section doesn't work for me. I have created a PoC for the first CSRF lab, titled "CSRF vulnerability with no defenses".

PoC:

    <html>
      <body>
        <form method="POST" action="https://0a7b0052033aa998c073227300da008d.web-security-academy.net/my-account/change-email">
          <input type="hidden" name="email" value="fwafwa2f%40gmail.com"/>
          <input type="submit" value="Submit">
        </form>
      </body>
    </html>

However, this doesn't work, whether I run it from a local HTML file or on the exploit server. I tested other labs and none seem to work for me. I understand the CSRF concept, I just can't seem to get the labs solved. I have SameSite protection disabled in Firefox (about:config), I tried to use other browsers, and it won't work. Please help! Thanks.

Ab | Last updated: Jan 23, 2023 11:44AM UTC

I know I will have to add the <script> document.forms[0].submit(); </script> so the page runs automatically; this doesn't work either. I just wanted to test it out manually first, but yeah, the email never gets changed. I can change the email using Repeater, but not the PoC.

Hannah, PortSwigger Agent | Last updated: Jan 23, 2023 02:03PM UTC

Hi, have you tried doing this in Burp's inbuilt Chromium browser? Have you watched any of the community solutions as a video guide for the lab?

surya | Last updated: Jul 12, 2024 12:52PM UTC

Right now I am facing a different problem: the PoC works for me, but not for the victim. When I click deliver exploit to the victim, the lab is still not completed.

surya | Last updated: Jul 12, 2024 12:53PM UTC

I used different browsers and watched community videos, no hope.

Ben, PortSwigger Agent | Last updated: Jul 15, 2024 10:13AM UTC