Burp Suite User Forum


exploit server limitations

Alexander | Last updated: Jul 08, 2021 01:35PM UTC

While doing one of the labs, I encountered a limitation: it is impossible to create two endpoints with different exploits because after saving the last exploit, the previous one gets erased. It forces one to try to put everything in one file, which can sometimes be very inconvenient.

Ben, PortSwigger Agent | Last updated: Jul 09, 2021 07:27AM UTC

Hi Alexander, Which particular lab are you trying to solve?

Alexander | Last updated: Jul 12, 2021 12:33PM UTC

Hi. For example - https://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-an-open-redirect. In my opinion, it would be convenient to have 2 exploit pages: the first one redirects a victim to a vulnerable OAuth application with the second page as redirect_url, and the second one would request a random path and expose the token.

Ben, PortSwigger Agent | Last updated: Jul 13, 2021 07:32AM UTC

Hi Alexander, Thank you for the explanation. We will pass your feedback on to the Web Academy team.
