Broken Authentication with bWAPP
Let's exploit this vulnerability in practice.
Open bWAPP
Click on Install
Enter "bee" as the username and "bug" as the password
Click on Broken Auth. - Insecure Login Forms and then "Hack"
Read through the code and see if you can find something interesting
So, when you view the page source (right-click on the page and select View Page Source), you should see the user credentials stored in the HTML.
This allows hackers to gain authentication with ease. This won't usually be the case in real-world applications, though; you will see it only rarely. In general, we sift through the HTML comments and hidden fields; I would say that's a good practice.
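For reviewing your own pages for this flaw, here is an added example (not part of the original walkthrough and not bWAPP code) that scans rendered HTML for credential-looking comments, hidden inputs and pre-filled password fields. The keyword list, the finding names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Keyword list is an assumption for this example; tune it for your own code base.
SECRET_HINT = re.compile(r"pass(word|wd)?|pwd|login|user(name)?|secret|token", re.I)


class LeakFinder(HTMLParser):
    """Flags credential-looking comments, hidden inputs and pre-filled password fields."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, line number, detail)

    def handle_comment(self, data):
        if SECRET_HINT.search(data):
            self.findings.append(("comment", self.getpos()[0], data.strip()))

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        kind, name, value = a.get("type", "text").lower(), a.get("name", ""), a.get("value", "")
        if not value:
            return  # an empty field leaks nothing
        # Only the field name is recorded, so the report does not copy the secret.
        if kind == "hidden" and SECRET_HINT.search(name):
            self.findings.append(("hidden-input", self.getpos()[0], name))
        elif kind == "password":
            self.findings.append(("prefilled-password", self.getpos()[0], name))


def audit_html(html):
    """Return the findings for one rendered page."""
    finder = LeakFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page (not bWAPP's markup).
SAMPLE_PAGE = """<html><body>
<!-- TODO remove: test login is demo_user / demo_pass -->
<form method="post">
  <input type="text" name="login">
  <input type="password" name="password">
  <input type="hidden" name="csrf" value="f3a1">
  <input type="hidden" name="admin_password" value="demo_pass">
</form>
</body></html>"""

if __name__ == "__main__":
    for kind, line, detail in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {detail}")
```

Run it against the HTML your application actually serves (after templating), since comments and hidden fields are often added at render time.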
**********************Challenge Completed*********************
Now we will see another code-level flaw. Select Session Mgmt. – Administrative Portals and set the security level to low.
If you look at the URL /bWAPP/smgmt_admin_portal.php?admin=0, there's a string appended after the ? with a value of 0, which means the session ID was passed in the query string where anyone could see and manipulate the values.
Let's change the value from 0 to 1.
If your URL is not the same, go to http://192.168.31.112:8086/smgmt_admin_portal.php?admin=1