Burp Suite User Forum

Create new post

Issues on the proposed solution to Lab: Forced OAuth profile linking

Abhi | Last updated: Sep 26, 2024 08:28AM UTC

I have tried both iframe and img tabs in burp's browser and others. I have tried switching to incognito, but that doesn't help either. I have tried multiple ways to deliver the payload, but it seems like the user doesn't visit the link as I can't see the admin panel. I do store the payload every time before delivering it to the victim. Please help! Payloads: 1. <iframe src="https://0a430063042db3a480319417000700f4.web-security-academy.net/oauth-linking?code=2rOZULdXls33S84_5iVtu_phzi3LrBdvm7_ByxYWrPV"></iframe> 2.<img src="https://0a430063042db3a480319417000700f4.web-security-academy.net/oauth-linking?code=2rOZULdXls33S84_5iVtu_phzi3LrBdvm7_ByxYWrPV">

Abhi | Last updated: Sep 26, 2024 09:30PM UTC

Hello Team, I tried it again today and was able to solve it. I used the same payload (iframe), but it worked. Thanks

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.