Hi, I am stuck at this question for a while. I have been clicking around the site, and observing any method other than GET, but so far no luck.
Is there any other settings need to be done on the Burp ?
Thanks
Found it.
For some reason, I was not able to get this working in the pwnbox. since the target can be reached from the public, i used my machine to test, the i got the critical .php file and the post.