Burp Suite User Forum

Create new post

Lab: CORS vulnerability with basic origin reflection (exploit working only if delivered)

Lucio | Last updated: May 29, 2024 02:52PM UTC

The exploit works only when delivered to the victim. By clicking on "View exploit" the browser (even the Burp's browser) block third-party cookie and CORS requests. This problem affects also the solution exploit.

Ben, PortSwigger Agent | Last updated: May 30, 2024 07:26AM UTC

Hi Lucio, Which browser are you using when you attempt this lab? If you use a normal version of Chrome (not the embedded browser), does this allow you to use the written solution?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.