Thank you for showing everything clearly!
🥰
Can you do more analyzing the source code of the vulnerability and try to look it out and fix it?
Heyyy, quite often with these labs we don't get access to the source code but at the end of a topic we review the mitigations / defenses. Request noted though! Maybe I can put together some simple code snippets for some examples.
Burp Suite Intruder tab "Add from list" is available in the Pro version only
The pre-set lists are pro-only but you should be able to import your own wordlist, with one word on each line
@intigriti I don't get why reset_token was added to the field parameter? field=reset_token. Aren't they both parameters? What is the logic behind this?
The "field" is indeed the parameter, but since we saw "email" was a valid value for the field parameter, it makes sense that other form fields on the page would also be accepted ("reset_token" in this case).
Great video buddy
Thanks mate! 👊
Yo awesome, I'm doing this now
Nice! 👊
It's a great video
Thanks! 💜
well the lab solution seems to be way too unrealistic...what was even that?
Which part? Is it not realistic that a company would have an internal API, not accessible through the internet? Or that they might pass some user input to that API? 🤔
@intigriti yes why would that even be an option? It's no longer about pollution.... It's simply undocumented functionality of the api
Undocumented functionality is the source of many vulnerabilities! You could have an undocumented function with an XSS or SQLi vulnerability, why not one with a parameter pollution vuln? 🙂
@intigriti lmao u right thx 😔😔