A7:2021 | Insecure Login (2) | Cycubix Docs

Let’s try

Click the "log in" button to send a request containing login credentials of another user. Then, write these credentials into the appropriate fields and submit to confirm. Try using a packet sniffer to intercept the request.

Solution

Open the Development Tools in the browser, and go to the Network tab.
On WebGoat, click on Log in.
Locate the query to start.mc in the Network tab and click on Parameters.
Notice the parameters {"username":"CaptainJack","password":"BlackPearl"}.

PreviousA7:2021 | Insecure Login (1) | Cycubix Docs NextA7: 2021 | JWT Tokens | Cycubix Docs

Last updated 4 months ago