The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Lab: CSRF vulnerability with no defenses

Sunny | Last updated: Aug 17, 2020 05:03AM UTC

Hello, going through the lab https://portswigger.net/web-security/csrf/lab-no-defenses, for some reason it does not get solved. https://forum.portswigger.net/thread/lab-csrf-vulnerability-with-no-defenses-35a98ebd I had some problems with the passage; I found people who had the same problems. Here is the video: https://www.youtube.com/watch?v=lkDj4WA9AEg The solution I'm using is:

```html
<form method="POST" action="https://ac541f2c1facfe6680197eeb00cd0062.web-security-academy.net/email/change-email">
  <input type="hidden" name="email" value="test&#64;test&#46;com">
</form>
<script>
  document.forms[0].submit();
</script>
```
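
The thread turns on why the auto-submitting form above succeeds at all: the lab endpoint checks nothing but the session cookie, which the browser attaches to the cross-site POST. The following added example (written for this page; it is not the lab's code nor anything posted in the thread) models that undefended handler next to a hardened one that requires a per-session CSRF token and, when the browser sends one, a matching Origin header. The session store, the `sess-victim` cookie, the `LAB-ID` / `exploit-LAB-ID` hostnames and all email addresses are constructed placeholders.

```python
import hmac
import secrets

# Constructed session store (assumption): session cookie value -> account state.
SESSIONS = {}


def reset_sessions():
    """Recreate the victim's session with a fresh per-session CSRF token."""
    SESSIONS.clear()
    SESSIONS["sess-victim"] = {"email": "victim@example.com",
                               "csrf": secrets.token_hex(16)}
    return SESSIONS["sess-victim"]


def _session_for(request):
    return SESSIONS.get(request["cookies"].get("session"))


def change_email_no_defenses(request):
    """Models the lab endpoint as the thread describes it: a valid session
    cookie is the only thing checked, so a form auto-submitted from another
    site (cookie attached by the browser) changes the email."""
    session = _session_for(request)
    if session is None:
        return 401, "no session"
    session["email"] = request["form"]["email"]
    return 302, "email changed"


def change_email_defended(request, site_origin="https://LAB-ID.web-security-academy.net"):
    """Hardened variant (added here, not the lab's code). The form must carry
    the token tied to the session; the Origin header, when the browser sends
    it, must also match the site. The token is the primary control because
    Origin can be absent on some requests."""
    session = _session_for(request)
    if session is None:
        return 401, "no session"
    origin = request["headers"].get("Origin")
    if origin is not None and origin != site_origin:
        return 403, "cross-origin request rejected"
    token = request["form"].get("csrf", "")
    # Constant-time comparison so the token check does not leak by timing.
    if not hmac.compare_digest(token, session["csrf"]):
        return 403, "missing or invalid CSRF token"
    session["email"] = request["form"]["email"]
    return 302, "email changed"


def cross_site_post(email):
    """What the server sees when the PoC form fires in the victim's browser:
    session cookie present, Origin of the exploit server, and a body holding
    only the attacker-chosen email (constructed values)."""
    return {
        "cookies": {"session": "sess-victim"},
        "headers": {"Origin": "https://exploit-LAB-ID.exploit-server.net"},
        "form": {"email": email},
    }


def legitimate_post(email):
    """The same change made from the site's own page, which renders the
    session's CSRF token into a hidden field."""
    return {
        "cookies": {"session": "sess-victim"},
        "headers": {"Origin": "https://LAB-ID.web-security-academy.net"},
        "form": {"email": email, "csrf": SESSIONS["sess-victim"]["csrf"]},
    }


def demo():
    """Run both handlers against both request kinds; returns the status codes."""
    results = {}
    reset_sessions()
    results["undefended_cross_site"] = change_email_no_defenses(cross_site_post("test@test.com"))[0]
    reset_sessions()
    results["defended_cross_site"] = change_email_defended(cross_site_post("test@test.com"))[0]
    results["defended_legitimate"] = change_email_defended(legitimate_post("new@example.com"))[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The undefended handler returns 302 for the cross-site request, which is exactly what makes the lab solvable; the defended one rejects it on the Origin mismatch and, if Origin were stripped, still rejects it on the missing token, while the site's own form (token included) goes through.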

Ben, PortSwigger Agent | Last updated: Aug 17, 2020 01:26PM UTC

Hi, I have just used the solution that you have provided in your forum post (changing the lab ID to the one I am using) and it has successfully solved the lab for me. Are you storing the exploit after you have copied it into the Exploit Server? Are you using the correct Lab ID URL?

Sunny | Last updated: Aug 18, 2020 04:32AM UTC

Hi, yes, I tried several methods already, and through XHR, and recreated the rooms several times, it still did not work.

Ben, PortSwigger Agent | Last updated: Aug 18, 2020 07:34AM UTC

Hi, are you able to provide us with step-by-step details of how you are trying to solve the lab so that we can take a further look for you? As mentioned, using the solution that you initially provided worked, so the lab is functioning as expected.

Carolina | Last updated: May 25, 2023 02:44PM UTC

Still the same issue; it doesn't work despite using several machines and networks and making several attempts.

Ben, PortSwigger Agent | Last updated: May 25, 2023 05:18PM UTC

Hi Carolina, I have just run through this lab and been able to solve it using the solution provided, so it is working as expected. Are you able to provide us with details of what you are configuring in the Exploit Server? Have you paid attention to the note in the 'Hint' box?

d10phantOS | Last updated: Sep 13, 2024 04:26AM UTC

I'm encountering the same issue with multiple different CSRF PoCs generated by Burp Suite, and when I test them myself by "Viewing Exploit" it successfully changes my email. It seems that part of the victim's automation is not working. In the exploit's /log I am seeing the GET /deliver-to-victim but never the usual follow-up GET /exploit where the exploit is currently stored. I've tried this 18 times now within the same lab.

Ben, PortSwigger Agent | Last updated: Sep 13, 2024 07:45AM UTC

Hi, are you able to provide us with some details of the payload that you are delivering and which lab you are trying to solve so that we can take a look at this?

d10phantOS | Last updated: Sep 13, 2024 02:03PM UTC

Sure can, the lab is https://portswigger.net/web-security/csrf/lab-no-defenses

1. Generate a CSRF payload for the request that changes my email: https://LAB-ID.web-security-academy.net/my-account/change-email.
2. Exploit Server: Upload this solution, at path /exploit.
3. Exploit Server: Save the latest changes by hitting "Store".
4. Exploit Server: "View Exploit" to verify it changes my email to "test@foo.com".
5. Exploit Server: Modify the email address in the payload to "exploited@foo.com".
6. Exploit Server: Save the latest changes by hitting "Store".
7. Exploit Server: "Deliver exploit to victim".
8. Exploit Server: View the access log on the exploit server at https://exploit-LABID.exploit-server.net/log, where I never see the usual victim's user agent show up; there is no victim traffic after "GET /deliver-to-victim".

Alternatively, I'm also doing the above using the lab solution.

Ben, PortSwigger Agent | Last updated: Sep 17, 2024 10:13AM UTC

Hi, are you able to share details of what your exploit looks like? I have just run through this lab and been able to solve it using the steps that you have outlined, so it would be useful to get some more detail about the specifics of your exploit.

d10phantOS | Last updated: Sep 18, 2024 03:51AM UTC