.png)
4 years ago
343 BOOK THIS SPACE FOR AD
ARTICLE AD
Room Link: https://tryhackme.com/room/owasptop10
[Day 2] Broken Authentication:
Refer below link for Broken Authentication Theory part:
Practical:
Questions:
Q.1 What is the flag that you found in Darren's account?
As per the instructions we have Darren username. so I tried to make an another account with the same username but it throws me an error saying that this account already exists.
So I remembered the theory part of the challenge, they mentioned that if we can add {space} in the username. eg { Mayur}& make an account then it will give us the existing user's account.so I followed the same methodology & made an account with darren username.
After successful registration. I logged into account & there I got my first flag.
Flag1:
Q.3 What is the flag that you found in Arthur's account?
Flag2:
for flag 2 we can apply same methodology. register a new account with Arthur username.
after login, it will give me flag2.
Note: i blurred the flag. follow my methodology & you will get both the flags.
Conclusion:
at the end of this blog, I want to tell you something that why this vulnerability occurs.
in this challenge, it only validates username, & also these fields are not properly sanitized. because no one will use space in their username.
Reference:
Author: Mayur Parmar (th3cyb3rc0p)
Follow me on Twitter & LinkedIn( mostly I will share tips on these social media platforms)
https://twitter.com/th3cyb3rc0p?lang=en
https://in.linkedin.com/in/th3cyb3rc0p
Bengali (Bangladesh) · 
English (United States) ·