5.6 Lab: Inconsistent handling of exceptional input | 2024

This lab doesn’t adequately validate user input. You can exploit a logic flaw in its account registration process to gain access to administrative functionality. To solve the lab, access the admin panel and delete the user carlos

Capture the request of the homepage and turn off the interceptNavigate to target, right-click the lab URL, Engagement tool them, and Discover Content.After a while, you will get /admin request. If you navigate to the /admin page, it will say like, only Dontwanna cry users can accessSo to create an email with that name, navigate to Register Account on Browser.Type a username and the email should be 255 characters long and the end should be @dontwannacry.com like the below with your exploit id at the last.awelcomewehavetocreateaemailwithtwohundredandfiftyfivecharactersbecausetheservertruncatesthefirsttwohundredandfiftyfivecharactersendingwithDontWannaCrycreateaemailwiththeservertruncatesthefirsttwohundredandfiftyfivecharactersendingwiththe@DontWannaCry.com@exploit-LAB_ID.exploit-server.netThese first 255 characters will be truncated ending with dontwannacry.comAfter you create an account, go back to an email client, and verify the email.Log in to that account, You will be now able to see the admin panel.Navigate to the admin panel and delete Carlos to solve the lab.