infosecgirls
Appsec
Appsec
  • Introduction
  • Application Details
    • VM - Pre-req
    • Import Virtual Machines
    • Access Mutillidae Web Application
  • INITIAL SETUP WITH OWASP ZAP
    • OWASP ZAP
    • Setup OWASP ZAP
    • Modes
    • Automated Scan
    • Report Generation
  • Initial Setup with Burp
    • Start Burp Suite
    • Add FoxyProxy Addon
    • Add New Proxy In FoxyProxy
    • Configure Proxy Listener
    • Install Burp's CA Certificate In Firefox
    • Getting Rid of Unnecessary Browser Traffic
  • Quick Basics
    • Disable Intercept Mode in Burp
    • Enable Intercept Mode in Burp
    • Send to Repeater
    • Send to Comparer
  • Web Application Pentesting
    • A1 - Injection
      • SQL Injection with bWAPP
      • SQL Injection in DVNA
      • Command Injection in DVNA
    • A2 - Broken Authentication
      • Broken Authentication with bWAPP
    • A3 - Sensitive Data Exposure
      • Sensitive Data Exposure - DVNA
    • A4 - XML External Entities (XXE)
      • XML External Entity (XXE) Injection - Mutillidae
      • XML External Entity (XXE) Injection - DVNA
    • A5 - Broken Access Control
      • Broken Access Control - DVNA
    • A6 - Security Misconfiguration
      • Security Misconfiguration in DVNA
      • Security Misconfiguration in Mutillidae
      • Security Misconfiguration in Security Shepherd
    • A7 - Cross-Site Scripting (XSS)
      • Reflected XSS
      • DOM XSS
      • Stored XSS - Mutillidae
      • XSS - Sending data to remote server
    • A8 - Insecure Deserialization
      • Insecure Deserialization - DVNA
    • A9 - Using Components with Known Vulnerabilities
      • Using Components with Known Vulnerabilities - DVNA
    • 10 - Insufficient Logging & Monitoring
    • References
    • About Us
  • Additional Content
    • Insecure Direct Object Reference
    • Security Misconfiguration
    • Password Guessing Attack
    • User Enumeration
      • Unauthenticated User Access
      • Create a New User
      • Authenticated User Access
      • Intruder: Set Positions
      • Intruder: Define Payload
      • Intruder: Configure Grep - Extract
      • Trigger Attack & Save Results
    • Custom Iterator
    • Null Payload
    • Request in Browser: Privilege Escalation Check
  • Burp Extenders
    • Target
    • Proxy
    • Intruder
    • Repeater
    • Sequencer
    • Decoder
    • Comparer
    • Extender
Powered by GitBook
On this page

Was this helpful?

  1. Web Application Pentesting
  2. A2 - Broken Authentication

Broken Authentication with bWAPP

PreviousA2 - Broken AuthenticationNextA3 - Sensitive Data Exposure

Last updated 4 years ago

Was this helpful?

URL -

Let's exploit this vulnerability in practical.

  • Kindly Open bWaPP

  • Click on Install

  • Type the Username and Password as "bee" and "bug" respectively

Click on Broken Auth. - Insecure Login Forms and then "Hack"

Read through the code and see if you can find something interesting

So, when you view the page source (right click on page and select view page source), you should see the user credentials stored in the HTML.

This allows hackers to gain authentication with ease, anyway this won’t be the case in real time, you may see this rarely. In general we sift through the HTML comments and hidden fields, I would say that’s a good practice

**********************Challenge Completed*********************

Now we will see another code level flaw, select Session Mgmt. – Administrative Portals and set security level to low.

If you notice the URL /bWAPP/smgmt_admin_portal.php?admin=0, there’s a string appended after the ? with a value 0, which means the session ID was passed in the query string where anyone could see and manipulate the values.

Let’s change the value from 0 to 1.

If your URL is not the same, Kindly go to

http://192.168.31.112:8086/smgmt_admin_portal.php?admin=1
http://192.168.31.112:8086
Broken Auth. – Insecure Login Forms
Credentials in Code
Insecure Login