In this video, we cover Lab #3 in the Authentication module of the Web Security Academy. This lab's password reset functionality is vulnerable. To solve the lab, we reset Carlos's password then log in and access his "My account" page.
Your credentials: wiener:peter
Victim's username: carlos
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series
▬ 📚 Contents of this video 📚 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:11 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:22 - Navigation to the exercise
01:47 - Understand the exercise and make notes about what is required to solve it
02:21 - Exploit the lab
05:09 - Script the exploit in Python
14:09 - Summary
14:20 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-03/authentication-lab-03.py
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-03/notes.txt
Web Security Academy Lab Exercise: https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-broken-logic
Rana's Twitter account: https://twitter.com/rana__khalil
