Portswigger - Business Logic - Lab #1 Excessive trust in client side controls скачать в хорошем качестве

Portswigger - Business Logic - Lab #1 Excessive trust in client side controls

Hello Hackers, in this video of Excessive trust in client side controls you will see how to exploit, discover and find senstive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:47 - Mapping the application 1:52 - Test the purches workflow 2:34 - Test API endpoints 🔍 About the Lab Lab: Excessive trust in client-side controls Level: Apprentice This lab doesn't adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, buy a "Lightweight l33t leather jacket". You can log in to your own account using the following credentials: wiener:peter ✅ What to do ? 1. With Burp running, log in and attempt to buy the leather jacket. The order is rejected because you don't have enough store credit. 2. In Burp, go to "Proxy" then "HTTP history" and study the order process. Notice that when you add an item to your cart, the corresponding request contains a price parameter. Send the POST /cart request to Burp Repeater. 3. In Burp Repeater, change the price to an arbitrary integer and send the request. Refresh the cart and confirm that the price has changed based on your input. 4. Repeat this process to set the price to any amount less than your available store credit. 5. Complete the order to solve the lab. Thank you for watching my video, if you have any questions or any topics recommendation feel free to write them on the comment below 🙋 #WebSecurityAcademy #portswigger #vulnerability