Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

xss task academy

Vard | Last updated: Sep 13, 2020 07:01PM UTC

hello, portswigger team. sorry for my bad english. I started ur academy and understand what is it "exploi server" in XSS task. Where i can write about this?

Ben, PortSwigger Agent | Last updated: Sep 14, 2020 07:19AM UTC

Hi, Once you have launched a lab there is normally a link in orange, just below the name of the lab, that you can click to access the exploit server. Please note that only certain labs require the use of the exploit server so it is not available in every lab.

Vard | Last updated: Sep 14, 2020 06:27PM UTC

sorry, my bad. i seem i dont understand why exploit server is need. why i cant put my payload into search bar directly?

Ben, PortSwigger Agent | Last updated: Sep 15, 2020 08:05AM UTC

Hi, Some of the labs, depending on the type of vulnerability, require an external server in order to host and deliver exploits to the victim user - we provide the exploit server as an easy way to do this (the alternative would be for users to create their own server, which could be problematic). Are you doing a particular lab?

Vard | Last updated: Sep 15, 2020 10:31AM UTC

For exapmle Lab 2 XSS: Reflected XSS into HTML context with most tags and attributes blocked We must use payload: <iframe src="https://your-lab-id.web-security-academy.net/?search=%22%3E%3Cbody%20onresize=alert(document.cookie)%3E" onload=this.style.width='100px'> Why i cant use this payload into url-machine? If i will use its payload, system write me "none tags", but i can use server-exploit payload working

Ben, PortSwigger Agent | Last updated: Sep 16, 2020 11:10AM UTC