Burp Suite User Forum

Lab: Exploiting PHP deserialization with a pre-built gadget chain

Nayan | Last updated: Nov 12, 2020 06:13PM UTC

After modifying the cookie, I am not getting the Symfony internal server error. I am getting a blank screen in the Response section. Also, after replacing my session cookie with the malicious one created by me, my lab is not getting solved after sending the request. I have performed all the steps multiple times and not missed out on anything; still, these problems are not getting solved.

Ben, PortSwigger Agent | Last updated: Nov 13, 2020 10:26AM UTC

Hi, which request are you using to modify the cookie and how are you modifying it? One of our users, Michael Sommer, has created video solutions for a number of these lab exercises. Sometimes it is easier to follow along to a visual solution, so have you checked the following solution on YouTube: https://www.youtube.com/watch?v=WmO8Kad0M7Y

Andreas | Last updated: Sep 01, 2021 12:43AM UTC

Hi, I have a similar issue. Posting the following request -

    GET /my-account HTTP/1.1
    Host: ac451fdc1f8956ef803006e200db00d2.web-security-academy.net
    Cookie: session=%7B%22token%22%3A%22Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czoxMjoiYWNjZXNzX3Rva2VuIjtzOjMyOiJocTR0cW4waGxhcnpmbmJmc2RibDVvNnl2amJubWZzayI7fQ%3D%3D%22%2C%22sig_hmac_sha1%22%3A%22d0e6e9063b666dfe339a5f9696090b0f39fb150f%22%
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: https://ac451fdc1f8956ef803006e200db00d2.web-security-academy.net/login
    Upgrade-Insecure-Requests: 1
    Sec-Gpc: 1
    Cache-Control: max-age=0
    Te: trailers
    Connection: close

I receive this error message -

    HTTP/1.1 400 Bad Request
    Content-Type: text/html; charset=utf-8
    Connection: close
    Content-Length: 164

    <html><head><title>Client Error: Too Nosy</title></head><body><h1>Client Error: Tampering with the _lab cookie is not required to solve this lab.</h1></body></html>

When looking at the phpinfo.php file I see the Zend framework mentioned instead... has there been a change to what is suggested in the official solution?

Thanks, Andreas

Ben, PortSwigger Agent | Last updated: Sep 01, 2021 05:28PM UTC

Hi Andreas, if you alter the cookie but keep the total number of characters the same then you should observe both the error message detailing the Symfony framework alongside the hidden phpinfo.php file (it looks like the issue you are observing happens if you alter the cookie AND change the total number of characters being used). If this is not immediately clear to us then please send us an email at support@portswigger.net and we can provide you with a screenshot.
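An added example, not part of any post in this thread and not PortSwigger's code: a Python sketch that parses the session cookie format shown in the request above, checks the `sig_hmac_sha1` value before decoding the token, and checks each length-prefixed string in the PHP-serialized data without instantiating any object. The key, the choice of signing the base64 token string, and all function names are assumptions for illustration.

```python
import base64, hashlib, hmac, json, re
from urllib.parse import quote, unquote

KEY = b"constructed-demo-key"  # assumption: placeholder, not the lab's secret
# Token value copied from the request quoted in the thread.
TOKEN = ("Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czoxMjoi"
         "YWNjZXNzX3Rva2VuIjtzOjMyOiJocTR0cW4waGxhcnpmbmJmc2RibDVvNnl2amJu"
         "bWZzayI7fQ==")
STR_HEADER = re.compile(rb's:(\d+):"')

def sign(token: str, key: bytes = KEY) -> str:
    """HMAC-SHA1 over the base64 token string (assumed signing scheme)."""
    return hmac.new(key, token.encode(), hashlib.sha1).hexdigest()

def make_cookie(token: str, sig: str) -> str:
    """Build the URL-encoded JSON cookie shape seen in the thread."""
    body = json.dumps({"token": token, "sig_hmac_sha1": sig}, separators=(",", ":"))
    return quote(body, safe="")

def verify_and_decode(cookie: str, key: bytes = KEY) -> bytes:
    """Return the serialized bytes only if the cookie parses and the MAC matches."""
    try:
        obj = json.loads(unquote(cookie))
        token, sig = str(obj["token"]), str(obj["sig_hmac_sha1"])
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed session cookie") from exc
    # Constant-time comparison, done before the token is decoded at all.
    if not hmac.compare_digest(sign(token, key).encode(), sig.encode()):
        raise ValueError("signature mismatch")
    return base64.b64decode(token, validate=True)

def string_fields(data: bytes):
    """List (declared_len, value, ok) for each s:N:"..."; entry.
    ok is False when N bytes of content are not followed by the closing '";'."""
    out, pos = [], 0
    while (m := STR_HEADER.search(data, pos)):
        n, start = int(m.group(1)), m.end()
        ok = data[start + n:start + n + 2] == b'";'
        out.append((n, data[start:start + n], ok))
        pos = start + n if ok else start
    return out

if __name__ == "__main__":
    data = verify_and_decode(make_cookie(TOKEN, sign(TOKEN)))
    print(data.decode())
    for declared, value, ok in string_fields(data):
        print(declared, value, "ok" if ok else "LENGTH MISMATCH")
```

PHP's serialization format prefixes every string with its byte length, so a value edited without updating its prefix shows up here as a length mismatch, and a cookie whose URL-encoded JSON is cut short is rejected before any decoding happens.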
