The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Send the email submission request to Burp Repeater, add "roleid":2 into the JSON in the request body, and resend it.

Kamlesh | Last updated: Jun 01, 2020 10:43AM UTC

How do I change the role-id once I have sent the request to Repeater and in the response the role-id is 1? Please mention the steps to complete this lab (Access control parameter based). And yes, once I complete the labs I get the congratulations pop-up, but the lab is not marked as Solved once we refresh or move to other labs. I would appreciate a quick response.

Ben, PortSwigger Agent | Last updated: Jun 02, 2020 07:11AM UTC

Hi, can you provide us with the exact name of the lab that you are trying to solve so that we can assist you?

We were experiencing an issue over the weekend and yesterday morning whereby labs were not being successfully marked as solved. This issue has now been resolved and the labs should now be being marked as solved when they have been completed.

Stevens | Last updated: Apr 09, 2023 02:48PM UTC

LAB Not solved

This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution because it unsafely merges user-controllable input into a server-side JavaScript object. This is simple to detect because any polluted properties inherited via the prototype chain are visible in an HTTP response.

To solve the lab:
Find a prototype pollution source that you can use to add arbitrary properties to the global Object.prototype.
Identify a gadget property that you can use to escalate your privileges.
Access the admin panel and delete the user carlos.

You can log in to your own account with the following credentials: wiener:peter

Ben, PortSwigger Agent | Last updated: Apr 10, 2023 07:13AM UTC