API 08

This exercise covers how one can inspect HTTP responses to identify information leaks.

PRO Medium < 1 Hr. 1756 API Badge

In this challenge, you need to review the responses from different API endpoints to find an information leak that allows you to log in as admin@libcurl.so and retrieve the challenge key. By examining the reset password functionality, you can uncover a URL leak that enables you to reset the admin password and gain access.

Skills covered: Authentication, CWE-200

Included with PRO: full course content, 1 video
