The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Problem with practice exam 2 stage 3

Nikita | Last updated: Aug 06, 2023 03:43PM UTC

Hi all, I found a vulnerability in practice exam 2 and tried all the Java gadgets, but nothing comes to the Collaborator. Who ran into this problem? CommonsCollections7 fulfills the request, but the Collaborator is empty :(

Hamdi | Last updated: Aug 23, 2023 12:09PM UTC

Hi Nikita, I'm stuck with the first vulnerability in practice exam 2. I was able to fire the alert with the session cookie, but I didn't find how to exfiltrate it. The security filter doesn't like the (), so I've tried to exfiltrate the cookie without parentheses by using this payload, but without result: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#xss-cookie-exfiltration-without-parentheses-backticks-or-quotes Any hint would be appreciated :)

Hamdi | Last updated: Aug 25, 2023 02:09PM UTC

I've found it ;)

Hamdi | Last updated: Aug 25, 2023 06:55PM UTC