search

Password reset broken logic

https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-broken-logic

Level: Apprentice

  • The following lab basically says Reset another's user password.

  • So, go straight to it.

  • Click on the Forgot Password

  • I made the common process of resetting the password for my account

  • Start to intercept literally every request to make some recon.

  • Finally, I get Something Interesting in the parameters and info we are passing once we put our new password.

  • There is a username parameter that if we change it to user Carlos, we can change his password using my respective new password form.

Previous2FA simple bypassNextAccess Control

Last updated