Burp Suite User Forum

Problem with practice exam 2 stage 3

Nikita | Last updated: Aug 06, 2023 03:43PM UTC

Hi all, found a vulnerability in practice exam 2, tried all Java gadgets, but nothing comes to the collaborator. Who ran into this problem? CommonsCollections7 fulfills the request, but the collaborator is empty(

Hamdi | Last updated: Aug 23, 2023 12:09PM UTC

Hi Nikita, I'm stuck with the first vulnerability in practice exam 2, I was able to fire the alert with the session cookie but I didn't find how to exfiltrate it. The security filter doesn't like the () so I've tried to exfiltrate the cookie without parentheses by using this payload but without result: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#xss-cookie-exfiltration-without-parentheses-backticks-or-quotes Any hint would be appreciated :)

Hamdi | Last updated: Aug 25, 2023 02:09PM UTC

I've found it ;)

Hamdi | Last updated: Aug 25, 2023 06:55PM UTC

In my case, the manual test in Burp DeserializationScanner showed that the URLDNS payload is vulnerable, so I tried to exfiltrate the secret file but I didn't find the good payload to do it (all I was able to do is a DNS lookup). So I tried CommonsCollections4 (which is not vulnerable according to the manual test) and it did work!
