Burp Suite User Forum


Lab SSRF with whitelist-based input filters

Sunil | Last updated: Sep 16, 2023 10:56PM UTC

Hi, the document says the following: "You can embed credentials in a URL before the hostname, using the @ character. For example: https://expected-host:fakepassword@evil-host". The lab solution, however, says: "Change the URL to http://username@stock.weliketoshop.net/". So either the solution is not documented, or it is explained incorrectly in the lesson.

Michelle, PortSwigger Agent | Last updated: Sep 18, 2023 02:47PM UTC

Hi, the expert-level labs are designed to be more challenging, so sometimes you may need to use the examples provided in the learning materials as a base and then expand them further, so there might not always be an exact match. Were you expecting the lab to use a username:password style format before the @ in the URL?

Sunil | Last updated: Sep 21, 2023 12:11PM UTC

The lesson puts the attack vector in the format https://expected-host:fakepassword@evil-host, while the solution puts it in the format http://username@expected-host, which is not the same. Thanks
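The two URL forms discussed in the posts above (the lesson's https://expected-host:fakepassword@evil-host and the solution's http://username@stock.weliketoshop.net/) both rely on the same property: a standards-compliant URL parser treats everything before the last @ in the authority as userinfo, so the host the HTTP client actually connects to is whatever follows the @. The following Python script is an added example, not code from the lab or from PortSwigger; it compares a hypothetical flawed allowlist check (a regex that reads the "hostname" up to the first ':' or '/') against what urllib.parse resolves as the effective host. The allowlist contents and the regex are assumptions made for illustration.

```python
"""Added example: URL userinfo (user:pass@host) versus a naive hostname allowlist.

Not code from the lab or from PortSwigger. ALLOWED_HOSTS and the _NAIVE_HOST
regex are assumptions chosen to illustrate the parsing discrepancy.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Assumed allowlist for this example: both host names that appear in the thread.
ALLOWED_HOSTS = {"expected-host", "stock.weliketoshop.net"}

# Hypothetical flawed validator: after "scheme://" it reads characters up to the
# first ':', '/', '?' or '#' and calls that the hostname. It never considers '@'.
_NAIVE_HOST = re.compile(r"^https?://([^/:?#]+)")


def naive_host(url: str) -> Optional[str]:
    """What the flawed filter believes the hostname is."""
    m = _NAIVE_HOST.match(url)
    return m.group(1) if m else None


def naive_allowed(url: str) -> bool:
    """Allowlist decision made on the flawed hostname extraction."""
    return naive_host(url) in ALLOWED_HOSTS


def effective_host(url: str) -> Optional[str]:
    """Host a compliant client connects to: urlsplit() takes the text after the
    last '@' of the authority as the host and everything before it as userinfo."""
    return urlsplit(url).hostname


def strict_allowed(url: str) -> bool:
    """Correct check: parse first, then compare the effective host exactly."""
    return effective_host(url) in ALLOWED_HOSTS


def analyse(url: str) -> dict:
    """Side-by-side view of how the filter and the client interpret one URL."""
    parts = urlsplit(url)
    return {
        "naive_host": naive_host(url),
        "naive_allowed": naive_allowed(url),
        "userinfo_username": parts.username,
        "userinfo_password": parts.password,
        "effective_host": effective_host(url),
        "strict_allowed": strict_allowed(url),
    }


if __name__ == "__main__":
    # The two URL forms quoted in the thread above.
    for candidate in (
        "https://expected-host:fakepassword@evil-host",
        "http://username@stock.weliketoshop.net/",
    ):
        print(candidate)
        for key, value in analyse(candidate).items():
            print(f"  {key:18} {value!r}")
```

For the lesson's form, the flawed regex stops at the ':' and reports "expected-host" (allowed), while urlsplit() reports the userinfo as expected-host / fakepassword and the effective host as "evil-host", so the request leaves the allowlist. For the solution's form the effective host really is stock.weliketoshop.net; which exact shape of userinfo slips past a given filter depends on how that filter tokenises the authority, which is why a lab's working payload need not match the lesson's example character for character. The fix is the same in every case: parse the URL with a real parser and compare the resulting hostname (not a substring, prefix or regex guess) against the allowlist.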

Michelle, PortSwigger Agent | Last updated: Sep 21, 2023 01:08PM UTC

Hi, for the expert-level labs you may not find the full, precise answers described as examples in the resources, as they are designed to be more challenging. The resources are intended to provide you with an understanding of the vulnerabilities so you can then try out variations in the expert-level labs.
