Burp Suite User Forum

Login to post

http host header injection: password reset poison labs not working

imrnrza | Last updated: Oct 17, 2020 09:09PM UTC

https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning lab 2 and 3 password reset via middleware and dangling markup are not working as suggested in the solution section in lab2 wiener password reset email received but not in logs after adding X-Forwarded-Host header, carlos password is never received in logs in lab3, weiner password is received as per solution but carlos password is never received i have tried multiple times, can you suggest

Ben, PortSwigger Agent | Last updated: Oct 19, 2020 10:32AM UTC

Hi, I have just run through the second lab to check to check it is working as expected and was able to solve it using the solution provided. For the second lab - the password is not supplied in the logs and the solution does not mention this. As noted in the solution, you receive a valid token which you then need to use in conjunction with the password reset link supplied in the email client. This allows you to reset Carlos' user account password to something that you know and are then able to log in as him.

Z | Last updated: Dec 04, 2020 06:27AM UTC

Hello, in the first lab : basic password reset poisoning, carlos's request is not coming to the exploit server log even though I sent the modified HTTP request (with modified host header and to carlos (at same domain as wiener)). What would you advise?

Uthman, PortSwigger Agent | Last updated: Dec 04, 2020 11:23AM UTC

Can you take a break and attempt to follow the steps in the solution again? I have just managed to complete it successfully without any issues. Have you considered looking at a tutorial on YouTube?

You need to Log in to post a reply. Or register here, for free.