This lab’s email change feature contains a race condition that enables you to associate an arbitrary email address with your account.

Someone with the address [email protected] has a pending invite to be an administrator for the site, but they have not yet created an account. Therefore, any user who successfully claims this address will automatically inherit admin privileges.

To solve the lab:

1. Identify a race condition that lets you claim an arbitrary email address.
2. Change your email address to [email protected].
3. Access the admin panel.
4. Delete the user carlos

You can log in to your own account with the following credentials: wiener:peter.

You also have access to an email client, where you can view all emails sent to @exploit-<YOUR-EXPLOIT-SERVER-ID>.exploit-server.net addresses.

1. Log in to your Account with wiener:peter
2. Change the Email to something@exploit-<YOUR-EXPLOIT-SERVER-ID>.exploit-server.net addresses.
3. Capture the Above request and send it to the repeater 2 Times
4. Change the email ID for one of the requests to [email protected]
5. Right-click, add the 2 requests to a Group, and send the Request in Parallel.
6. Check your email client whether you have received an email that consists [email protected].
7. Click that link to change your mail, if not again send the parallel request to get the link.
8. Then, navigate to My-Account, you can now able to see the Admin panel.
9. Click on Admin Panel and delete the User Carlos to solve the Lab