Lab: Password reset poisoning


This lab is vulnerable to password reset poisoning. Carlos will click any links in password reset emails he receives. To solve the lab, access Carlos's "My account" page. You can access your emails by clicking "Exploit server" > "Email client".

  • Your username: wiener
  • Victim's username: carlos