OWASP Juice Shop

Day 1

Task – Injection

Question #1: Log into the administrator account!

Capture the request and change the parameters

Click the Send button

View the response in the browser

The token used is a JWT, which can be easily decoded at jwt.io

After decoding you get the password

Login with the credentials

Here is your flag.
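
Why the decoding step above works, as an added example that is not part of the original post: a JWT's header and payload are only base64url-encoded, so anyone holding the token can read its claims without a key. The sketch below decodes a constructed sample token and flags claim names that look like credential material, the kind of check to run over tokens your own application issues; the token contents, claim names and the `findSensitiveClaims` helper are assumptions for illustration.

```javascript
// Added example (Node.js). The sample token is constructed, not a real Juice Shop token.

function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Decode header and payload. No key is needed and no signature is checked:
// the signature protects integrity only, it does not hide the claims.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  return {
    header: JSON.parse(b64urlDecode(parts[0])),
    payload: JSON.parse(b64urlDecode(parts[1])),
  };
}

// Claim names that should never travel inside a client-visible token (assumed list).
const SENSITIVE = /pass(word)?|secret|hash|totp|api[_-]?key/i;

// Walk the claims recursively and return dotted paths of sensitive-looking keys.
function findSensitiveClaims(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (SENSITIVE.test(key)) hits.push(here);
    hits.push(...findSensitiveClaims(child, here));
  }
  return hits;
}

// Constructed sample: a login token that embeds the user record in its claims.
const sampleToken = [
  b64urlEncode({ alg: 'RS256', typ: 'JWT' }),
  b64urlEncode({ status: 'success', iat: 1700000000,
    data: { id: 1, email: 'user@example.test', role: 'admin',
            password: 'CONSTRUCTED-HASH-PLACEHOLDER' } }),
  'c2lnbmF0dXJl', // placeholder signature segment, never verified here
].join('.');

console.log(findSensitiveClaims(decodeJwt(sampleToken).payload)); // [ 'data.password' ]
```

A token that produces any hit here is leaking that value to every client, proxy and log that sees it; keep only an opaque user identifier and the authorization claims in the payload.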

Question #2: Log into the Bender account!

In this case we have changed our payload to this:

Follow the above process and you will get your flag.

Thanks

