OWASP Security Shepherd Project - Session Management Challenge 2 (Session Management Challenge)

Challenge


Solution

    In this challenge, we are going to log in as admin. Whenever there is a login form, the first thing to try is the classic SQL injection string 'or'1'='1. Let's input admin as the User Name and 'or'1'='1 as the Password.



    It seems that the application can't be compromised by simple SQLi. However, we do get an email address: zoidberg22@shepherd.com. My guess is that this email can be combined with the application's password recovery feature. So let's click the Have you forgotten your password? link.


    WOW, it only requires an email address to reset a password! We can then try to reset the password of the admin account. Don't forget to keep Burp Suite open to analyze the request and response.


    We only get the message "Password reset request sent", but we still don't know what the password has been reset to. Let's check the Burp Suite history to see exactly what we sent and received.

    Nothing special in the request, so let's check the response.


    Great! The application sends the reset password back to us in the response body. We can then try logging in with admin as the user name and 56560480308528783186976698018042404198 as the password to see whether we get the admin account.


    Now we have completed the challenge :-)
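The flaw this walkthrough exploits is a reset endpoint that accepts only an email address and then returns the new password in the HTTP response. The following is an added example (not code from the original post or from Security Shepherd) that puts the weak pattern beside a hardened reset flow: the server returns the same generic message whether or not the address exists, stores only a hash of a random, expiring, single-use token, and sends the token out-of-band. The in-memory USERS, RESET_TOKENS and OUTBOX stores are constructed stand-ins for a database and mail transport.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores standing in for the application's database and mailer.
USERS = {"zoidberg22@shepherd.com": {"username": "admin"}}
RESET_TOKENS = {}            # sha256(token) -> (email, expiry timestamp)
OUTBOX = []                  # (email, token) pairs handed to the mail transport
TOKEN_TTL_SECONDS = 15 * 60

GENERIC_MESSAGE = "If that address is registered, a reset link has been sent."


def weak_reset(email):
    """Weak pattern as seen in the challenge: the new password travels in the response body."""
    if email not in USERS:
        return {"message": "Unknown email"}   # a distinct error also reveals which addresses exist
    new_password = str(secrets.randbits(128))
    USERS[email]["password"] = new_password
    return {"message": "Password reset request sent", "newPassword": new_password}


def request_reset(email, now=None):
    """Hardened flow: no secret leaves in the HTTP response, only in the mail to the address owner."""
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, now + TOKEN_TTL_SECONDS)   # store the hash, not the token
        OUTBOX.append((email, token))                              # delivered out-of-band only
    # Identical message and response shape whether or not the address is registered.
    return {"message": GENERIC_MESSAGE}


def consume_reset(token, new_password, now=None):
    """Finish the reset. The token is single-use (popped on first use) and expires after the TTL."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None:
        return False
    email, expiry = entry
    if now > expiry:
        return False
    USERS[email]["password"] = new_password   # a real application would store a password hash
    return True
```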




