9.4 Lab: Single-endpoint race conditions | 2024


Karthikeyan Nagaraj

This lab’s email change feature contains a race condition that enables you to associate an arbitrary email address with your account.

Someone with the address carlos@ginandjuice.shop has a pending invite to be an administrator for the site, but they have not yet created an account. Therefore, any user who successfully claims this address will automatically inherit admin privileges.

To solve the lab:

1. Identify a race condition that lets you claim an arbitrary email address.
2. Change your email address to carlos@ginandjuice.shop.
3. Access the admin panel.
4. Delete the user carlos.

You can log in to your own account with the following credentials: wiener:peter.

You also have access to an email client, where you can view all emails sent to @exploit-<YOUR-EXPLOIT-SERVER-ID>.exploit-server.net addresses.

1. Log in to your account with wiener:peter.
2. Change the email to a something@exploit-<YOUR-EXPLOIT-SERVER-ID>.exploit-server.net address.
3. Capture the above request and send it to Repeater two times.
4. Change the email address in one of the requests to carlos@ginandjuice.shop.
5. Right-click, add the two requests to a group, and send the requests in parallel.
6. Check your email client to see whether you have received an email that contains carlos@ginandjuice.shop.
7. Click that link to change your email. If you did not receive it, send the parallel requests again to get the link.
8. Navigate to My account. You should now be able to see the Admin panel.
9. Click Admin panel and delete the user carlos to solve the lab.
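
The write-up does not show the server's code. The following is an added example, not code from the lab or the original article: it models one server design that would produce the mismatched email seen in step 6, next to a hardened form. It assumes a single pending-email slot per user and a deferred mail job that re-reads that slot; all class and function names and the sample addresses are hypothetical.

```python
import secrets

class VulnerableStore:
    """Modelled flaw: one pending slot per user, re-read when the mail is built."""
    def __init__(self):
        self.pending = {}  # user -> (new_email, token)

    def request_change(self, user, new_email):
        self.pending[user] = (new_email, secrets.token_urlsafe(16))
        # Recipient is fixed now; the body is built later by a deferred job.
        return lambda: self._build_mail(user, to=new_email)

    def _build_mail(self, user, to):
        email, token = self.pending[user]  # may hold a newer request's row
        return {"to": to, "confirms": email, "token": token}

    def confirm(self, user, token):
        email, stored = self.pending.get(user, (None, None))
        return email if stored and secrets.compare_digest(stored, token) else None

class HardenedStore:
    """Fix: every token is bound to the exact address it is mailed to."""
    def __init__(self):
        self.tokens = {}  # token -> (user, new_email)

    def request_change(self, user, new_email):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (user, new_email)
        mail = {"to": new_email, "confirms": new_email, "token": token}
        return lambda: mail  # built from request-local values only

    def confirm(self, user, token):
        owner, email = self.tokens.pop(token, (None, None))  # single use
        return email if owner == user else None

def overlap(store, user, first, second):
    """Deterministic worst case: both writes land before either mail is built."""
    jobs = [store.request_change(user, first), store.request_change(user, second)]
    return [job() for job in jobs]

def mismatched(mails):
    """Outbound-mail invariant: a link may only go to the address it confirms."""
    return [m for m in mails if m["to"] != m["confirms"]]

# Constructed sample addresses, not taken from the lab.
OWN, OTHER = "me@inbox.example", "invitee@corp.example"
```

The `mismatched` invariant can be enforced in the mail-sending path or checked over outbound mail logs to detect this class of bug.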