Insecure Login (2)
Let’s try
Click the "log in" button to send a request containing login credentials of another user. Then, write these credentials into the appropriate fields and submit to confirm. Try using a packet sniffer to intercept the request.
Solution
Open the Developer Tools in the browser, and go to the Network tab.
On WebGoat, click on Log in.
Locate the request to start.mc in the Network tab and click on Parameters. Notice the parameters {"username":"CaptainJack","password":"BlackPearl"}.
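The same check can be automated over a HAR file exported from the Network tab. The script below is an added example, not part of the WebGoat lesson: it lists every request whose body carries credential-like fields and notes whether it went over plain http. The host names, the second sample entry and the SECRET_KEYS list are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Field names treated as credentials (assumption; extend for your application).
SECRET_KEYS = {"password", "passwd", "pwd", "secret", "token"}

def body_fields(post_data):
    """Return the request body as a flat dict, for JSON or form-encoded bodies."""
    text = post_data.get("text") or ""
    mime = (post_data.get("mimeType") or "").lower()
    if "json" in mime or text.lstrip().startswith("{"):
        try:
            parsed = json.loads(text)
            return parsed if isinstance(parsed, dict) else {}
        except ValueError:
            return {}
    return dict(parse_qsl(text))

def find_exposed_credentials(har):
    """List requests whose body carries credential fields, noting the transport."""
    findings = []
    for entry in har.get("log", {}).get("entries", []):
        req = entry.get("request", {})
        fields = body_fields(req.get("postData") or {})
        hits = sorted(k for k in fields if k.lower() in SECRET_KEYS)
        if hits:
            findings.append({
                "url": req.get("url", ""),
                "fields": hits,
                "plaintext_transport": urlsplit(req.get("url", "")).scheme == "http",
            })
    return findings

# Constructed HAR sample: host names are placeholders; the first body is the one shown above.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "POST", "url": "http://webgoat.example/start.mc",
                 "postData": {"mimeType": "application/json",
                              "text": '{"username":"CaptainJack","password":"BlackPearl"}'}}},
    {"request": {"method": "POST", "url": "https://shop.example/login",
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "user=alice&pwd=s3cret"}}},
    {"request": {"method": "GET", "url": "http://webgoat.example/lesson.css"}},
]}}

if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE_HAR):
        print(finding)
```

A finding with plaintext_transport set to True is the case this lesson demonstrates: anyone able to capture the traffic can read the credentials directly.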