Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Several labs not completing even though exact steps were followed

Matthew | Last updated: May 19, 2021 11:57AM UTC

I have been following the recommended learning path. I am now at a point within the XSS section (and onwards) where none of the labs are completing/solving, despite following the exact steps listed under the solution tab or within the community solution videos. The labs that are causing issue are any of the ones involving storing an XSS script tag within a message body in the exploit server, storing the message, and "delivering" the exploit to the victim. Nothing happens, even though I follow the steps exactly as described or shown. I've decided to move on from the XSS labs and have started with the CSRF labs, but I'm running into the same issue (I just attempted the CSRF vulnerability with no defenses lab). Is anyone else having similar issues?

Uthman, PortSwigger Agent | Last updated: May 20, 2021 09:14AM UTC

Hi Matthew, Can you share links to a few of the labs you are facing issues with?

Matthew | Last updated: May 26, 2021 01:05PM UTC

Sorry for the late response. Here are several of the labs that will not "solve" for me: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-html-context-with-most-tags-and-attributes-blocked https://portswigger.net/web-security/cross-site-scripting/contexts/lab-html-context-with-all-standard-tags-blocked https://portswigger.net/web-security/cross-site-scripting/contexts/angularjs-sandbox/lab-angular-sandbox-escape-and-csp https://portswigger.net/web-security/csrf/lab-no-defenses It's pretty much all of the labs that require you to "store and deliver" the exploit on the exploit server.

Uthman, PortSwigger Agent | Last updated: May 26, 2021 01:19PM UTC

Thanks, Matthew. I have just tested all the solutions and the labs are being marked as solved. Are you replacing your lab ID with the ID of your lab? Or the ID of your exploit server? If you still think a bug exists, please send an email to support@portswigger.net with screen recordings of your attempts to complete the labs.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.