Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab - Modifying serialized objects login fuction not working properly?

Challenger | Last updated: Oct 24, 2022 02:36PM UTC

Dear Support, I think there is a problem with the lab Modifying serialized objects, if i try to log in with the credentials provided, I get the following server error: PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www/index.php on line 1 PHP Fatal error: require_once(): Failed opening required 'User.php' (include_path='.:/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request is send to /my-account Is the lab working properly? I checked the solution provided and videos of people solving the lab but there is no php error in neither. For more details, i pasted the request and response below: REQUEST POST /login HTTP/1.1 Host: 0ad70019033a57a1c05c334c004d0082.web-security-academy.net Cookie: session= User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded Content-Length: 30 Origin: https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Te: trailers Connection: close username=wiener&password=peter RESPONSE HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=utf-8 Connection: close Content-Length: 2387 <!DOCTYPE html> <html> <head> <link href=/resources/labheader/css/academyLabHeader.css rel=stylesheet> <link href=/resources/css/labs.css rel=stylesheet> <title>Modifying serialized objects</title> </head> <script src="/resources/labheader/js/labHeader.js"></script> <div id="academyLabHeader"> <section class='academyLabBanner'> <div class=container> <div class=logo></div> <div class=title-container> <h2>Modifying serialized objects</h2> <a id='lab-link' class='button' href='/'>Back to lab home</a> <a class=link-back href='https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-objects'> Back&nbsp;to&nbsp;lab&nbsp;description&nbsp; <svg version=1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y=0px viewBox='0 0 28 30' enable-background='new 0 0 28 30' xml:space=preserve title=back-arrow> <g> <polygon points='1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15'></polygon> <polygon points='14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15'></polygon> </g> </svg> </a> </div> <div class='widgetcontainer-lab-status is-notsolved'> <span>LAB</span> <p>Not solved</p> <span class=lab-status-icon></span> </div> </div> </div> </section> </div> <div theme=""> <section class="maincontainer"> <div class="container is-page"> <header class="navigation-header"> </header> <h4>Internal Server Error</h4> <p class=is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www/index.php on line 1 PHP Fatal error: require_once(): Failed opening required &apos;User.php&apos; (include_path=&apos;.:/usr/share/php&apos;) in /var/www/index.php on line 1</p> </div> </section> </div> </body> </html>

Hannah, PortSwigger Agent | Last updated: Oct 24, 2022 03:45PM UTC