TryHackMe: OWASP Top 10 || Severity 2 || Broken Authentication Practical
Mar 29, 2021
The main goal of this exercise is to exploit the logic flaw within the authentication mechanism.
#1 What is the flag that you found in darren’s account?
#2 What is the flag that you found in arthur’s account?
For these two challenges,
- Register the same username but with a space in front, e.g. “ darren”. This will register a new user for you.
- This works because the application validates only the username, without properly sanitising the user’s input.
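The flaw behind that second bullet, as an added example that is not part of the original writeup: a minimal in-memory user store whose uniqueness check and profile lookup disagree about what a username is, beside a version that canonicalises once. The class names, methods and sample flag are assumptions, and since the page does not show the room's actual lookup code, the trimmed-lookup behaviour is an assumed model of it.

```python
# Added example (not from the TryHackMe room): a tiny user store that reproduces
# the username-handling flaw described above, beside a hardened version.
# Class/method names and the sample users are assumptions made for this demo;
# password handling is left out because only the username check matters here.

def canonical(username: str) -> str:
    """Single normalisation applied everywhere a username is compared."""
    return username.strip().casefold()


class VulnerableStore:
    """Uniqueness is checked on the raw string, but profile lookup trims it."""

    def __init__(self):
        self.users = {}  # raw username -> profile data

    def register(self, username: str) -> str:
        if username in self.users:  # " darren" != "darren", so this passes
            raise ValueError("username taken")
        self.users[username] = {"flag": None}
        return username

    def profile(self, username: str):
        # Assumed model of the flaw: lookup trims the name, so " darren"
        # resolves to the record that was registered as "darren".
        for name, data in self.users.items():
            if name.strip() == username.strip():
                return data
        return None


class HardenedStore:
    """Canonicalise once and use that form for both the uniqueness check
    and every later lookup, so the two checks can never disagree."""

    def __init__(self):
        self.users = {}  # canonical username -> profile data

    def register(self, username: str) -> str:
        key = canonical(username)
        if key != username:  # reject names that only differ by whitespace/case
            raise ValueError("username must be lowercase with no surrounding whitespace")
        if key in self.users:
            raise ValueError("username taken")
        self.users[key] = {"flag": None}
        return key

    def profile(self, username: str):
        return self.users.get(canonical(username))
```

Any other normalisation (Unicode NFKC, confusable stripping) belongs inside `canonical` so registration and lookup stay in step.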