Burp Suite User Forum

Create new post

Lab - Modifying serialized objects login fuction not working properly?

Challenger | Last updated: Oct 24, 2022 02:36PM UTC

Dear Support, I think there is a problem with the lab Modifying serialized objects, if i try to log in with the credentials provided, I get the following server error: PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www/index.php on line 1 PHP Fatal error: require_once(): Failed opening required 'User.php' (include_path='.:/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request is send to /my-account Is the lab working properly? I checked the solution provided and videos of people solving the lab but there is no php error in neither. For more details, i pasted the request and response below: REQUEST POST /login HTTP/1.1 Host: 0ad70019033a57a1c05c334c004d0082.web-security-academy.net Cookie: session= User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded Content-Length: 30 Origin: https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Te: trailers Connection: close username=wiener&password=peter RESPONSE HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=utf-8 Connection: close Content-Length: 2387 <!DOCTYPE html> <html> <head> <link href=/resources/labheader/css/academyLabHeader.css rel=stylesheet> <link href=/resources/css/labs.css rel=stylesheet> <title>Modifying serialized objects</title> </head> <script src="/resources/labheader/js/labHeader.js"></script> <div id="academyLabHeader"> <section class='academyLabBanner'> <div class=container> <div class=logo></div> <div class=title-container> <h2>Modifying serialized objects</h2> <a id='lab-link' class='button' href='/'>Back to lab home</a> <a class=link-back href='https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-objects'> Back&nbsp;to&nbsp;lab&nbsp;description&nbsp; <svg version=1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y=0px viewBox='0 0 28 30' enable-background='new 0 0 28 30' xml:space=preserve title=back-arrow> <g> <polygon points='1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15'></polygon> <polygon points='14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15'></polygon> </g> </svg> </a> </div> <div class='widgetcontainer-lab-status is-notsolved'> <span>LAB</span> <p>Not solved</p> <span class=lab-status-icon></span> </div> </div> </div> </section> </div> <div theme=""> <section class="maincontainer"> <div class="container is-page"> <header class="navigation-header"> </header> <h4>Internal Server Error</h4> <p class=is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www/index.php on line 1 PHP Fatal error: require_once(): Failed opening required &apos;User.php&apos; (include_path=&apos;.:/usr/share/php&apos;) in /var/www/index.php on line 1</p> </div> </section> </div> </body> </html>

Hannah, PortSwigger Agent | Last updated: Oct 24, 2022 03:45PM UTC

Hi This issue should be fixed now. If you relaunch the lab, you should no longer encounter that error.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.