API 08

This exercise covers how one can inspect HTTP responses to identify information leaks.

PRO
Tier
Medium
< 1 Hr.
1079
API Badge

Course


In this challenge, your objective is to scrutinize the responses from various API endpoints to identify an information leak that lets you log in as admin@libcurl.so and obtain the key for the challenge. The video demonstrates a scenario where attempting to log in with default credentials fails, prompting the use of the password reset functionality. By inspecting the network responses with developer tools, you can observe that the application leaks the reset password URL, which can then be used to reset the admin password.

After resetting the password using the leaked URL, you can log in with the new credentials and access the key for the challenge. This exercise emphasizes the importance of thoroughly checking both requests and responses for any information leaks or security vulnerabilities that could be exploited. It illustrates how seemingly benign information in responses can have significant security implications.

Want to learn more? Get started with PentesterLab Pro! GO PRO