In the lab “Inconsistent handling of exceptional input,” user input is not validated consistently, which leaves the application open to a business logic flaw. This flaw can be exploited during account registration to gain administrative privileges. To solve the lab, you need to access the admin panel and delete the Carlos account.
Lab Description For Inconsistent handling of exceptional input
Alright, first, we need to access the lab. After accessing it, enable the proxy in your Burp Suite.
Go to the “Target” section, right-click on your target domain, and click on “Engagement Tools.” Then, click on “Discover Content.”
Now, click on “Session is not running” and wait. After a while, you will find the admin panel for the domain.
If you try to access the “/admin” interface, it won’t work: the admin interface can only be accessed by internal users whose email address is on the “DontWannaCry” domain.
Now, the most important steps are coming up. First, click on “Register” and create an account.
An email client is provided with the lab. At this point, I know that the email field is limited to 255 characters; we cannot input a longer email.
I will copy the email from the email client.
After copying the email, I will go to the registration form and fill it out with the username, email, and password.
Remember, the email cannot exceed 255 characters. Let’s verify this. For the test, we will use the following email:
I will repeat the word “attacker” more than 255 times in this email. Then I will intercept the request after clicking on “Register.”
As you can see, I have entered such a long email. Now, let’s forward it.
I will go to the email client and verify my email. I will log in with the username “test” and the password “1234.” You can see that the stored email has been cut off and no longer includes the “@domain” part.
In the bottom right corner, you can see that it displays “255 characters.” This means that the registration form accepts a maximum of 255 characters.
If you look at the bottom right corner again, you can see that “@DontWannaCry.com” has 17 characters.
To solve the lab, we need to add “@DontWannaCry.com” to the end of our email.
First, we need to reduce our email string by 17 characters. After reducing the characters, we can proceed.
I have successfully created the email. Now, I need to append something else to it so that the verification email is actually delivered to the email client.
I will go to the email client, copy the address shown there, and append it to the end of this email. Remember to add a dot (.) between “@DontWannaCry.com” and the appended address.
Now, you can log out of your account and go to the registration page. Register with the username “test1” and the same email.
Go to the email client, verify the email, and log in with the username and password.
Delete Carlos account
As you can see, we have successfully logged in as an admin. Now, you can delete the Carlos account.
After deleting the Carlos account, our lab is solved.
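The root cause of this lab is that the mail delivery uses the full input while the stored value is silently truncated to 255 characters, and the privilege check reads the stored value. The following Python model is an added example, not the lab's or PortSwigger's code: it reproduces that inconsistency and shows a consistent alternative that rejects over-length input and derives privilege from one canonical value. The domain check, `mail_domain` routing and the `example.invalid` mailbox are simplified stand-ins.

```python
# Added example: models the truncation inconsistency shown in this lab and a
# consistent alternative. The 255-character limit and admin domain mirror the
# walkthrough; the routing and privilege logic are simplified stand-ins.
MAX_EMAIL_LEN = 255
ADMIN_DOMAIN = "@dontwannacry.com"


def mail_domain(email: str) -> str:
    """Domain a verification mail is routed to: everything after the last '@'."""
    return email.rsplit("@", 1)[1].lower()


def register_inconsistent(email: str) -> dict:
    """Vulnerable flow: the mailer sees the full input, storage silently truncates,
    and the admin check reads the truncated value."""
    delivered_to = mail_domain(email)                  # full string decides routing
    stored = email[:MAX_EMAIL_LEN]                     # storage truncates, no error
    is_admin = stored.lower().endswith(ADMIN_DOMAIN)   # check uses stored value
    return {"stored": stored, "delivered_to": delivered_to, "is_admin": is_admin}


def register_consistent(email: str) -> dict:
    """Hardened flow: over-length input is rejected up front and every consumer
    (mailer, storage, privilege check) uses the same canonical value."""
    if len(email) > MAX_EMAIL_LEN:
        raise ValueError("email exceeds %d characters" % MAX_EMAIL_LEN)
    canonical = email.strip().lower()
    delivered_to = mail_domain(canonical)
    is_admin = canonical.endswith(ADMIN_DOMAIN)
    return {"stored": canonical, "delivered_to": delivered_to, "is_admin": is_admin}


def build_probe(external_mailbox: str) -> str:
    """Constructed test input shaped like the one in the walkthrough: filler so the
    admin domain ends exactly at character 255, then '.' and a real mailbox."""
    filler = "a" * (MAX_EMAIL_LEN - len(ADMIN_DOMAIN))
    return filler + ADMIN_DOMAIN + "." + external_mailbox


if __name__ == "__main__":
    probe = build_probe("tester@example.invalid")  # placeholder mailbox
    r = register_inconsistent(probe)
    print("inconsistent: admin=%s, mail routed to %s" % (r["is_admin"], r["delivered_to"]))
    try:
        register_consistent(probe)
    except ValueError as e:
        print("consistent: rejected (%s)" % e)
```

The detection signal for a defender is the same mismatch the model exposes: an account whose stored address ends in the privileged domain but whose verification mail was routed elsewhere.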
So, as you can see, we have successfully solved the PortSwigger Web Security Academy lab “Inconsistent handling of exceptional input.”
You can also follow us on Twitter @masaudsec.