Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Web Security Academy - carlos email

Anna | Last updated: Aug 16, 2022 05:13PM UTC

Hi, I'm currently doing exercises from the password reset section, I have a feeling that carlos email is not working properly. In a situation where the e-mail for the wiener user is as follows: wiener@exploit[...].web-security-academy.net and when I send a password reset request, it works correctly and an e-mail is sent to the e-mail box, but when I send it for carlos@exploit[...].web-security-academy.net no email comes. Is this a bug? Does anyone have a similar problem?

Hannah, PortSwigger Agent | Last updated: Aug 17, 2022 10:17AM UTC

Hi Is there a specific lab where you are experiencing this issue?

Anna | Last updated: Aug 17, 2022 02:41PM UTC

Yes, labs from "Password reset poisoning" section. https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning

Michelle, PortSwigger Agent | Last updated: Aug 18, 2022 08:42AM UTC

Is there a particular lab within that section where you're having issues? I've done some checks on the first lab, and if you set the username parameter to just be carlos, then check the access log on the exploit server (rather than the email client) you should see an entry that starts GET /forgot-password. I hope that helps.

Anna | Last updated: Aug 21, 2022 02:24PM UTC