A7:2021 | Insecure Login (2) | Cycubix Docs

Let’s try

Click the "log in" button to send a request containing login credentials of another user. Then, write these credentials into the appropriate fields and submit to confirm. Try using a packet sniffer to intercept the request.


  • Open the Development Tools in the browser, and go to the Network tab.

  • On WebGoat, click on Log in.

  • Locate the query to start.mc in the Network tab and click on Parameters.

  • Notice the parameters {"username":"CaptainJack","password":"BlackPearl"}.

Last updated