Burp Suite User Forum


Web Security Academy - carlos email

Anna | Last updated: Aug 16, 2022 05:13PM UTC

Hi, I'm currently doing exercises from the password reset section. I have a feeling that carlos's email is not working properly. In a situation where the e-mail for the wiener user is as follows: wiener@exploit[...].web-security-academy.net, when I send a password reset request, it works correctly and an e-mail is sent to the e-mail box, but when I send it for carlos@exploit[...].web-security-academy.net no email comes. Is this a bug? Does anyone have a similar problem?

Hannah, PortSwigger Agent | Last updated: Aug 17, 2022 10:17AM UTC

Hi, is there a specific lab where you are experiencing this issue?

Anna | Last updated: Aug 17, 2022 02:41PM UTC

Yes, the labs from the "Password reset poisoning" section. https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning

Michelle, PortSwigger Agent | Last updated: Aug 18, 2022 08:42AM UTC

Is there a particular lab within that section where you're having issues? I've done some checks on the first lab, and if you set the username parameter to just be carlos, then check the access log on the exploit server (rather than the email client) you should see an entry that starts GET /forgot-password. I hope that helps.

Anna | Last updated: Aug 21, 2022 02:24PM UTC

Oh, I'm not sure why I assumed his email would be from the same domain as the wiener user. Yeah, it's working. Thank you very much.
