The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum


Problem with practice exam 2 stage 3

Nikita | Last updated: Aug 06, 2023 03:43PM UTC

Hi all, I found a vulnerability in practice exam 2 and tried all the Java gadgets, but nothing comes to the Collaborator. Who ran into this problem? CommonsCollections7 fulfills the request, but the Collaborator is empty :(

Hamdi | Last updated: Aug 23, 2023 12:09PM UTC

Hi Nikita, I'm stuck with the first vulnerability in practice exam 2. I was able to fire the alert with the session cookie, but I didn't find how to exfiltrate it. The security filter doesn't like the (), so I've tried to exfiltrate the cookie without parentheses by using this payload, but without result: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#xss-cookie-exfiltration-without-parentheses-backticks-or-quotes

Any hint would be appreciated :)

Hamdi | Last updated: Aug 25, 2023 02:09PM UTC

I've found it ;)

Hamdi | Last updated: Aug 25, 2023 06:55PM UTC

In my case, the manual test in Burp DeserializationScanner showed that the URLDNS payload is vulnerable, so I tried to exfiltrate the secret file, but I didn't find the good payload to do it (all I was able to do is a DNS lookup). So I tried CommonsCollections4 (which is not vulnerable according to the manual test) and it did work!
