Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Unable to solve Lab: CORS vulnerability with trusted insecure protocols

Mazef | Last updated: Aug 03, 2024 05:17PM UTC

Hello, I'm facing an issue with the following lab : Lab: CORS vulnerability with trusted insecure protocols "View Exploit" works well and delivers the key on my exploit server, however "Deliver to the victim" only reach the /exploit page but never delivers the key and I can't solve the lab. Could you please check if something goes wrong with this lab ? Thanks

Michelle, PortSwigger Agent | Last updated: Aug 05, 2024 12:15PM UTC

Hi Thanks for getting in touch. Were you still logged into the lab with your own account at the stage where you delivered the exploit to the victim and checked the access logs?

Mazef | Last updated: Aug 05, 2024 01:04PM UTC

Hello, Yes, I was connected on my own account. I still can reproduce today on the fresh deployed lab. The victim only reaches /exploit but doesn't seem to execute the uploaded script.

Michelle, PortSwigger Agent | Last updated: Aug 05, 2024 02:38PM UTC

Thanks for the update. Which browser were you using? Were you using Burp's embedded browser? If you use normal Chrome, do you see the same issue?

Mazef | Last updated: Aug 05, 2024 08:46PM UTC