🟢 Password reset broken logic

This lab's password reset functionality is vulnerable. To solve the lab, reset Carlos's password then log in and access his "My account" page.

  • Your credentials: wiener:peter

  • Victim's username: carlos

Submitting a password reset request sends a password reset email.

Clicking on the link will bring you to a reset password form.

Inspecting the reset form submission with Burp Suite shows that the request includes the username and the password to reset to.

We can change the username to our target user carlos and reset his password.
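
The flaw above is that the server resets whichever account the submitted form names. As an added example (not code from the lab or from this write-up), the sketch below contrasts such a handler with one that takes the account from the server-side token record. The function names, in-memory stores and token format are assumptions.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores standing in for the application's database.
# Passwords are kept in plaintext only to keep the demo short.
USERS = {"wiener": "peter", "carlos": "original-password"}
RESET_TOKENS = {}  # sha256(token) -> (username, expiry timestamp)
TOKEN_TTL = 900    # seconds a reset link stays valid (assumed value)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(username):
    """Create the token e-mailed to `username`; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[_digest(token)] = (username, time.time() + TOKEN_TTL)
    return token


def reset_password_vulnerable(form):
    """Broken logic: the account to change is read from the submitted form."""
    if _digest(form["token"]) not in RESET_TOKENS:
        return False
    USERS[form["username"]] = form["new_password"]  # client-controlled field
    return True


def reset_password_fixed(form):
    """The account comes from the token record, and the token is single use."""
    record = RESET_TOKENS.pop(_digest(form.get("token", "")), None)
    if record is None:
        return False
    username, expiry = record
    if time.time() > expiry:
        return False
    # If the form still sends a username, it must match the token's owner.
    if form.get("username", username) != username:
        return False
    USERS[username] = form["new_password"]
    return True
```

Dropping the username field from the form entirely is the simpler design; the check is kept here only so that a mismatched field is rejected rather than silently ignored.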
