Portswigger Practice Exam #1
In this blog post we will see how to complete the Burp Suite Practice Exam by Portswigger. We have 2 hours to complete the exam. The exam itself is made up of three steps, in each of which we have to exploit a different vulnerability.

Steps:
1. DOM Cross-Site Scripting (XSS)
2. SQL Injection
3. Insecure Deserialization

Step #0: Starting the exam

At the bottom of this page, we can start either the first or the second exam. Let's start the first one by clicking on the first orange button.

Let's click on the next button to confirm that we want to start the practice exam.

Now let's wait a few minutes to let the lab load up.

Step #1: DOM Cross-Site Scripting (XSS)

Finally, let's click on the App 1 button to load the exam webpage.

Let's enable the DOM Invader extension.

Let's use DOM Invader to identify the sink(s).

Let's validate that we can exploit this sink with the following payload to achieve a DOM XSS: "-alert()-"

Let's try to read the co...