Authentication Vulnerabilities - Lab #3 Password reset broken logic | Long Version

Показать описание

In this video, we cover Lab #3 in the Authentication module of the Web Security Academy. This lab's password reset functionality is vulnerable. To solve the lab, we reset Carlos's password then log in and access his "My account" page.

Your credentials: wiener:peter
Victim's username: carlos

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬

▬ 📚 Contents of this video 📚 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
01:22 - Navigation to the exercise
01:47 - Understand the exercise and make notes about what is required to solve it
02:21 - Exploit the lab
05:09 - Script the exploit in Python
14:09 - Summary
14:20 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Рекомендации по теме

Комментарии

The update to the Web Security Acad emy Series course has gone l ive! To celebrate the launch, here's a *50% off coupon: LAUNCH50OFF. The coupon is valid for the first 100 individuals!* Half the coupons have already been taken!

The Web Security Academy Series course now:

🐞 Covers 12 vulnerability categories
⏯ Contains 140+ videos
⏳ Contains 50+ hours of HD content
🧪 Provides walkthroughs of 119 labs
➕ and much more!

RanaKhalil

Please which is the best Python course, what do you recommend?? Can you open the python Course?

davidardo

why we are using python we did it manualy using burpsuite then...

the_py_coder

Can you make one Big playlist so i Can listen while i Fall asleep

mrmarcus

Looking at this from a realistic view, are we supposed to have the victim's reset email link? Of course, no!

If we are to exploit our own credentials using HTTP requests, how do we exploit the victim if the only information we have about him/her is just the username?

dr.b

someone how can i not remember simple stuff like this sometimes
edit: abit stoned so maybe the reason

xgreyhound

Authentication Vulnerabilities - Lab #3 Password reset broken logic | Long Version

Authentication Vulnerabilities - Lab #3 Password reset broken logic | Short Version

Authentication Vulnerabilities - Lab #3 Password reset broken logic | Long Version

Lab #3 Username enumeration via response timing | Authentication Vulnerabilities

[Hindi] Authentication vulnerabilities - Lab - 3| Password reset broken logic | PortSwigger Labs

Authentication Vulnerabilities - Lab #6 Broken brute-force protection, IP block | Short Version

Authentication Vulnerabilities | Complete Guide

Authentication Vulnerabilities - Lab #2 2FA simple bypass | Short Version

Authentication Vulnerabilities - Lab #6 Broken brute-force protection, IP block | Long Version

Authentication Vulnerabilities - Lab #4 Username enumeration via different responses | Short Version

Authentication Vulnerabilities - Lab #2 2FA simple bypass | Long Version

SQL Injection 101: Exploiting Vulnerabilities

Authentication Vulnerabilities - Lab #8 2FA broken logic | Short Version

Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Short Version

Authentication Vulnerabilities - Lab #4 Username enumeration via different responses | Long Version

Authentication Vulnerabilities - Lab #8 2FA broken logic | Long Version

Authentication Bypass in Governikus Autent SDK discovered by SEC Consult Vulnerability Lab

Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Long Version

Authentication Vulnerabilities - Lab #1 Username enumeration via different responses | Long Version

Authentication Vulnerabilities - Lab #7 Username enumeration via account lock | Short Version

Authentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Short Version

HTTP Host Header Attacks Lab Breakdown: Host header authentication bypass

Top 3 Password Cracking Tools 🛠️

JSON Web Token Attacks: LAB #3 By PortSwigger - JWT Authentication Bypass Via Weak Signing Key

Password HACKING in 60 SECONDS