Burp Suite User Forum

The "CORS vulnerability with basic origin reflection" lab seems broken

SecurityTester-00 | Last updated: Feb 22, 2023 03:51PM UTC

Hello! Is the "CORS vulnerability with basic origin reflection" lab currently working? I have tried many variations of the solution and none of them successfully complete the lab.

Ben, PortSwigger Agent | Last updated: Feb 22, 2023 04:57PM UTC

Hi Yazan, I have just run through this lab and been able to solve it using the solution so it does appear to be working as expected. Are you able to share with us the details of the script that you have configured in the Exploit Server so that we can take a look at this for you? If you would like to send us a screenshot directly then please feel free to email us at support@portswigger.net and we can take a look from there (alternatively you could use a screenshot hosting service and add the link to this forum thread).

SecurityTester-00 | Last updated: Feb 22, 2023 07:42PM UTC

Hey Ben! Here are a couple of screenshots. I used the snippet from step 5 and added it to the exploit response body and updated the lab id as directed. Did you do any additional steps to successfully complete the lab?

Lab URL: https://0acd003403c99f48c303aa2b0000002d.web-security-academy.net/
Exploit Server URL: https://exploit-0adf00ba03cf9f72c349a9d3018c00db.exploit-server.net/
Screenshots: https://imgur.com/a/HxXMBR7

Ben, PortSwigger Agent | Last updated: Feb 23, 2023 09:04AM UTC

Hi, in the req.open part of your script, if you include the protocol in the URL then this should then work for you, i.e. based on the URLs you were using you would configure this to be as follows:

req.open('get','https://0acd003403c99f48c303aa2b0000002d.web-security-academy.net/accountDetails',true);
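Why the protocol matters here, as an added example that is not part of the original thread: a URL string without a scheme is resolved relative to the page running the script, so the request never leaves the exploit server's own origin and no CORS exchange with the lab takes place. The host names below are constructed placeholders and the function names are hypothetical; the resolution itself uses the standard WHATWG `URL` parser that browsers and Node.js share.

```javascript
// Constructed placeholder URLs; the real lab and exploit-server IDs are not needed.
const EXPLOIT_PAGE = 'https://exploit-server.example/exploit';
const LAB_HOST = 'lab-id.web-security-academy.example';

// Label the form of the string handed to XMLHttpRequest.open().
function classify(urlArg) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(urlArg)) return 'absolute';
  if (urlArg.startsWith('//')) return 'scheme-relative';
  if (urlArg.startsWith('/')) return 'path-absolute';
  return 'path-relative';
}

// Resolve the string the way the browser does: against the URL of the
// document that runs the script (here, the page on the exploit server).
function resolveRequestTarget(urlArg, documentUrl) {
  const doc = new URL(documentUrl);
  const target = new URL(urlArg, doc);
  return {
    kind: classify(urlArg),
    href: target.href,
    // Only a cross-origin request involves CORS response headers at all.
    crossOrigin: target.origin !== doc.origin,
  };
}

// Four ways the same target might be written in req.open().
const candidates = [
  LAB_HOST + '/accountDetails',               // no protocol: treated as a path
  '/accountDetails',                          // path on the current origin
  '//' + LAB_HOST + '/accountDetails',        // inherits the page's scheme
  'https://' + LAB_HOST + '/accountDetails',  // protocol included
];

for (const c of candidates) {
  const r = resolveRequestTarget(c, EXPLOIT_PAGE);
  console.log(`${r.kind.padEnd(16)} crossOrigin=${String(r.crossOrigin).padEnd(5)} ${r.href}`);
}
```

In the browser's network tab, the first form shows up as a same-origin request to the exploit server whose path begins with the lab's host name, which is the quickest way to spot this mistake.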