Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Web Security Academy -> Insecure deserialization -> Some labs don't work

martinez | Last updated: Mar 03, 2021 09:08AM UTC

Hello, I'm just in the middle of your great academy and I found out that some labs in the insecure deserialization part doesn't work. Specifically: Lab: Using application functionality to exploit insecure deserialization Lab: Modifying serialized data types Lab: Arbitrary object injection in PHP Lab: Exploiting Java deserialization with Apache Commons Lab: Exploiting PHP deserialization with a pre-built gadget chain Lab: Exploiting Ruby deserialization using a documented gadget chain Lab: Developing a custom gadget chain for Java deserialization Lab: Developing a custom gadget chain for PHP deserialization Lab: Using PHAR deserialization to deploy a custom gadget chain I always get redirected to the https://portswigger.net/error page.

Ben, PortSwigger Agent | Last updated: Mar 03, 2021 10:49AM UTC

Hi, We experienced an issue that meant the Web Academy labs were not available to our users. The issue should now be fixed and all of the labs should now be available.

alvinoo | Last updated: Mar 09, 2023 06:04AM UTC

When I was editing the cookie, it shows: Input byte array has incorrect ending byte at 80

Ben, PortSwigger Agent | Last updated: Mar 09, 2023 11:16AM UTC

Hi, Are you able to confirm the name of the lab that you are having issues with so that we can take a look at this for you?

You need to Log in to post a reply. Or register here, for free.