Unlock enhanced API scanning with Burp Suite Enterprise Edition  –  Learn more
Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Lab: Bypassing access controls using email address parsing discrepancies

EXPERT

This lab validates email addresses to prevent attackers from registering addresses from unauthorized domains. There is a parser discrepancy in the validation logic and library used to parse email addresses.

To solve the lab, exploit this flaw to register an account and delete carlos.

Required knowledge

To solve this lab, you'll need to understand the techniques described in the Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls whitepaper by Gareth Heyes of the PortSwigger Research team.

ACCESS THE LAB

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here

Try Burp Suite for Free

Find business logic vulnerabilities using Burp Suite

Try for free