A7:2021 | Insecure Login (2) | Cycubix Docs
Click the "log in" button to send a request containing login credentials of another user. Then, write these credentials into the appropriate fields and submit to confirm. Try using a packet sniffer to intercept the request.
Open the Developer Tools in the browser and go to the Network tab.
On WebGoat, click on Log in.
Locate the request to start.mc in the Network tab and click on Parameters.
Notice the parameters {"username":"CaptainJack","password":"BlackPearl"}.
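The same Network tab capture can be audited automatically. The following is an added example, not part of the original lesson or of WebGoat: it scans a HAR export for requests that carry password-like fields and reports whether they travelled without TLS. The hostname, the second and third entries, and the field values in the sample are constructed; only the start.mc endpoint name comes from the steps above.

```javascript
// Added example: audit a HAR export (Network tab "save as HAR") for exposed credentials.
const CREDENTIAL_KEYS = /^(pass(word|wd)?|pwd|secret|token)$/i;

// Parse a request body as JSON or form-encoded pairs; returns {} for anything else.
function parseBody(postData) {
  if (!postData || !postData.text) return {};
  const mime = (postData.mimeType || "").toLowerCase();
  if (mime.includes("json")) {
    try {
      const value = JSON.parse(postData.text);
      return value && typeof value === "object" ? value : {};
    } catch { return {}; }
  }
  if (mime.includes("x-www-form-urlencoded")) {
    return Object.fromEntries(new URLSearchParams(postData.text));
  }
  return {};
}

// Report every request that carries a credential field, and how it was exposed.
function findCredentialRequests(har) {
  const findings = [];
  for (const { request } of har.log.entries) {
    const url = new URL(request.url);
    const fields = { ...Object.fromEntries(url.searchParams), ...parseBody(request.postData) };
    const hits = Object.keys(fields).filter((key) => CREDENTIAL_KEYS.test(key));
    if (hits.length === 0) continue;
    findings.push({
      url: url.origin + url.pathname,
      fields: hits,                                // field names only, never values
      cleartext: url.protocol !== "https:",        // readable by anyone on the path
      inQueryString: hits.some((key) => url.searchParams.has(key)), // ends up in logs
    });
  }
  return findings;
}

// Constructed sample capture (hostname and values are placeholders).
const sampleHar = { log: { entries: [
  { request: { method: "POST", url: "http://webgoat.example/start.mc",
      postData: { mimeType: "application/json",
                  text: '{"username":"alice","password":"constructed-value"}' } } },
  { request: { method: "POST", url: "https://webgoat.example/login",
      postData: { mimeType: "application/x-www-form-urlencoded",
                  text: "username=alice&password=constructed-value" } } },
  { request: { method: "GET", url: "http://webgoat.example/lesson.js" } },
] } };

console.log(findCredentialRequests(sampleHar));
```

Any finding with cleartext set to true is a login that a network observer can read exactly as the Parameters panel shows it; the fix is to serve the login endpoint only over HTTPS.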