
Broken Authentication and SQL Injection | OWASP Juice Shop TryHackMe

19.2K views
Dec 6, 2020
13:42

In this video walkthrough, we covered broken authentication and SQL injection as part of the OWASP Juice Shop room from TryHackMe.

OWASP Juice Shop TryHackMe: https://tryhackme.com/room/owaspjuiceshop
Blog Post: https://motasem-notes.net/tryhackme-owasp-juice-shop-the-complete-guide/

0:01 - Introduction to OWASP Juice Shop on TryHackMe
0:10 - Overview of Juice Shop Tasks and SQL Injection
0:33 - Task 1: SQL Injection to Login as Administrator
1:20 - Setting Up Burp Suite Intercept for SQL Injection Testing
2:05 - Demonstrating SQL Injection Bypass for Admin Access
4:05 - Logging into Admin Account and Copying the Flag
5:13 - Task 2: Logging into Vendor Account with SQL Injection
6:18 - Using Burp Suite for SQL Injection on Vendor Login
7:24 - Successfully Logging into Vendor Account
8:00 - Task 3: Brute-Forcing Admin Password with Intruder
8:42 - Setting Up Intruder Payloads for Password Brute-Force
10:07 - Identifying Successful Password from HTTP Response Code
10:23 - Task 4: Resetting Jim's Password via Security Question
10:39 - Attempting Password Reset by Answering Security Question
12:03 - Researching Security Question Answer Using Star Trek Reference
13:00 - Resetting Jim's Password and Retrieving Flag
13:20 - Summary of SQL Injection and Broken Authentication Vulnerabilities
13:36 - Next Steps: Further OWASP Juice Shop Tasks
