PortSwigger should replace Sommer's copy/paste videos with yours. This is what a community solution needs to look like. Kudos
Really appreciate the kind words! Michael has good insight and we're glad to share the platform. We wanted to give our perspective on some of these vulns based on what we've seen in "the wild" to try and point out exactly what we look for and why we're trying certain things. Our goal with the series was to try and give a working methodology / insight that you could take away and apply to pentests and bug bounties. We definitely plan to make more vids to cover the rest of the topics once we get back from vacation. Really appreciate you checking out the video!
A man with his EXPLANATION! SUPERB!
SHORT AND CRISP LOVE IT
Thanks Abhishek! Glad to hear it was helpful!
thanks, it's useful!
QUICK AND NICE VIDEO
Thanks so much! Hope it was helpful. Really appreciate you checking out the video!
What a nice expression
Thanks! I hope the video was helpful!
Very good thanks
excellent way of explanation bro!! Is there any other way for solving this lab instead of using professional version?
Really appreciate that! Thanks for reaching out with this question! Instead of using Burp Collaborator, you should be able to instead point the payload to your exploit server URL. It either has to be Burp Collaborator or your exploit server since Web Security Academy filters egress traffic only to those associated domains. Once the XML parser parses everything, you should be able to grab the hostname from the exploit server logs. Of course, not every lab has an exploit server. If that doesn't work, let me know!
thanks \o/
Thanks for checking out the video. Hope it was helpful!
Is there a Burp Collaborator alternative?