Burp Suite User Forum

Create new post

LAB: No SQL Exploiting NoSQL operator injection to extract unknown fields

armmeyou | Last updated: May 30, 2024 07:59AM UTC

I have a question about lab this, I have to rescan find attributes only array is 0 = id 1 = username 2 = password 3 = email I haven't find the token because I tried Sequent 0 - 10 not find a token Please help tell me this.

Ben, PortSwigger Agent | Last updated: May 30, 2024 10:03AM UTC

Hi, Have you carried out step 4 of the solution, which is to manually attempt a reset of the 'carlos' users password within a browser?

Dominyque, PortSwigger Agent | Last updated: May 30, 2024 10:05AM UTC

Hi Have you watched the community solution video for further guidance on solving the lab? If yes and you are still having issues, can you please email support@portswigger.net with screenshots/ screen recording of the steps you have taken so we can better help.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.