without explanation, why doing exactly the same from the answers? I did not get it.
@777pios 3 years ago
I don't understand why we have to use a if this tag is not allowed and the exploit server also the onload attribute isn't allowed. I did not understand how to arrive at that solution?
@ucminhnguyen5610 3 years ago
Me too. Thanks Michael, can you explain it to us?
@JohnSmith-he5xg 3 years ago
Agreed, this needs explanation...
@ahmedabdellaoui796 3 years ago
Exactly, we need more explanation.
@ahmedabdellaoui796 3 years ago
Hello 777pios, below I found a video that explains the lab, enjoy: kzbin.info/www/bejne/j3-UhHaga8SWi5I
@ahmedabdellaoui796 3 years ago
Finally one of my colleagues explained it to me. There are 3 parts in the lab: 1: detecting which tag and attributes are allowed (body and onresize); 2: inserting JavaScript using the allowed tag and attribute; to automatically resize the page we used the event onload ... The above is enough to pop up the alert, but in this lab it is also needed to prepare an exploitation; 3: exploitation means we have to send a malicious URL (that is vulnerable) to a victim, and to be able to send email, we have to use tag (this tag will not be injected into our lab, no, it's only needed to prepare the URL, i.e. our victim will receive our link; it starts only after https//... which includes our allowed tag and attribute). I hope my explanation helps to understand it.
@rev7841 3 years ago
How did you get %20=1 after body? And %22%3E%3C after ?search? This is not explained at all.
@vasumudiraj8327 3 years ago
encoded form
@ahmedabdellaoui796 3 years ago
Hello III, below I found a video that explains the lab, enjoy: kzbin.info/www/bejne/j3-UhHaga8SWi5I
@bugfinder9853 2 years ago
May I know what the logic of %20=1 is?
@paulojr1384 2 years ago
I think it is because you are telling Burp to complete the payload (%20 is backspace URL encoded), so you are saying: fuzz for some workable event here.
@dragoschiperi8090 2 years ago
Hi! What is Portswigger's exploit server equivalent into Burp? How can this lab be resolved using only Burp? Thanks Michael!
@deepeddyrecords5933 3 years ago
Excellent work! Thank you again. I like your quick and to-the-point demonstrations. I don't know why people complain. I like to see the solutions so I can go back and research what you did on my own. I learn more that way.
@duylt5_letrongduy743 3 years ago
Why do you need to add $$ twice? Because I see only Brute force has 1 variable -> add 1 $, right? Please can anyone help me understand this problem?
@Ritikamaurya112 1 year ago
In my Burp it's showing payload count 152 & request count 0. I did the same as you mentioned.
@jorgsnjoroge4869 2 years ago
It's all a mess, you aren't explaining what is what😢 What is even going on???
@securityintech 1 year ago
There is no need to add "> in front of the body payload; it will work without that as well.
@LivingmotivatedLifewithpurpose 3 years ago
Thanks Michael, core tech stuff, liked it. But it would be helpful for newbies like us if you added some explanations.
@Michael10Sommer 3 years ago
Thank you very much. If something is unclear, I will explain it. But I always recommend, work through the topic and come back to the labs. My goal is to solve the labs as fast as possible, so you don't need a lot of time to watch the videos.
@ahmedabdellaoui796 3 years ago
Finally one of my colleagues explained it to me. There are 3 parts in the lab: 1 = detecting which tag and attributes are allowed (body and onresize); 2 = inserting JavaScript using the allowed tag and attribute; to automatically resize the page we used the event onload ... The above is enough to pop up the alert, but in this lab it is also needed to prepare an exploitation; 3 = exploitation means we have to send a malicious URL (that is vulnerable) to a victim, and to be able to send the URL, we have to use tag (this tag will not be injected into our lab, no, it's only needed to prepare the URL, i.e. our victim will receive the link and it will start only after https//... which includes our allowed tag and attribute and JS). I hope my explanation helps you to understand the lab, for newbies like me. Below a video that explains much about this lab, @