To solve this lab, you’ll need to know: How to use URL query syntax to attempt to change a server-side request. How to use error messages to build an understanding of how a server-side API processes user input | Karthikeyan Nagaraj
To solve the lab, log in as the administrator and delete carlos.
Required knowledge
To solve this lab, you’ll need to know:
How to use URL query syntax to attempt to change a server-side request.
How to use error messages to build an understanding of how a server-side API processes user input.
These points are covered in our API Testing Academy topic.
1. Click My-Account, turn on the proxy, and turn off Intercept.
2. Click forgot-password, give Administrator as the username, and send the request.
3. In Burp, go to Proxy → HTTP history and notice /static/js/forgotPassword.js.
4. Send the POST forgot-password request to Repeater and modify the body as follows: username=administrator%26field=reset_token%23
5. Sending this request returns the reset_token, since we are trying to get the reset token value.
6. After that, go to https://LAB-URL/forgot-password?reset_token=YOUR_RESET_TOKEN
7. Change the password and log in to the admin account.
8. Finally, delete the user carlos to solve the lab.
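Why the modified body in the steps above changes the server-side request, and the fix on the server, shown as an added example that is not part of the original write-up or the lab's code. The internal URL, the default `field=email` parameter and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions for illustration: the internal endpoint and the default
# field=email parameter are hypothetical, not taken from the lab's code.
INTERNAL_API = "http://internal.example/userinfo"

# Form body from the write-up's Repeater step.
BODY = "username=administrator%26field=reset_token%23"


def form_username(body: str) -> str:
    """Front end decodes the form body once: %26 -> '&', %23 -> '#'."""
    return parse_qs(body)["username"][0]


def build_url_vulnerable(username: str) -> str:
    """Decoded user input pasted straight into the server-side query."""
    return f"{INTERNAL_API}?username={username}&field=email"


def build_url_hardened(username: str) -> str:
    """Re-encode every value so '&', '=' and '#' stay inside username."""
    return f"{INTERNAL_API}?" + urlencode({"username": username, "field": "email"})


def api_view(url: str) -> dict:
    """Parameters the internal API sees; anything after '#' is a fragment."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    user = form_username(BODY)
    for build in (build_url_vulnerable, build_url_hardened):
        url = build(user)
        print(build.__name__, url, api_view(url), sep="\n  ")
```

With the hardened builder the internal API receives a single username value containing the literal `&field=reset_token#`, so the server's own `field` parameter is the one that is processed.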
Thank you for Reading!
Happy Ethical Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng