API 09

This exercise covers how one can inspect HTTP responses to identify information leaks.

PRO tier. Difficulty: Medium. Estimated time: < 1 Hr. Badge: API Badge.
In this challenge, you need to inspect the requests and responses of the application's API endpoints to find an information leak. The front end talks to a versioned API, and requesting the same resource through an older version of that API can return data the current version no longer exposes. Here, that leak lets you reset the password for admin@libcurl.so and gain access to the system. Use Chromium's developer tools or Burp Suite to intercept, read and modify the requests the browser sends.

The key step is to change the API version in the URL from v2 to v1 and compare the two responses: the older endpoint returns a reset_password_url for the user that the newer endpoint omits. Following that link lets you set a new password for the admin account and log in. More generally, whenever an API carries its version in the path, request the same endpoint through each older version (v1, v0, or no version at all) and diff the responses field by field. Deprecated versions are frequently left deployed for backward compatibility without the later fixes or field filtering, so the old code path is the one worth testing.
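The version-downgrade check described above, as an added example that is not part of the PentesterLab exercise: a small Python probe that rewrites the /vN/ segment of a URL to an older version, fetches both, and reports every field the older response contains that the current one does not, flagging names that look like secrets. The host api.example, the /api/v2/users path, the email query parameter and the canned JSON bodies are all constructed for illustration and are not the exercise's real endpoints; the `transport` callable is a hook so the same logic runs offline here and against a live target (for example with `urllib.request`) in practice.

```python
"""Probe older API versions for fields the current version no longer returns.

Added example, not PentesterLab's code. Endpoint paths, the `email` query
parameter and the canned responses below are constructed for illustration.
"""
import json
import re
from urllib.parse import urlsplit, urlunsplit

# Field names that should never reach an unprivileged caller.
SENSITIVE_KEYS = {"reset_password_url", "reset_token", "password",
                  "password_hash", "api_key", "secret", "token"}

# Matches the first /vN segment of a path, e.g. /api/v2/users -> /v2
VERSION_RE = re.compile(r"/v(\d+)(?=/|$)")


def rewrite_api_version(url: str, new_version: int) -> str:
    """Return url with its first /vN/ path segment replaced by /v<new_version>/."""
    parts = urlsplit(url)
    if not VERSION_RE.search(parts.path):
        raise ValueError(f"no /vN/ segment in path: {parts.path}")
    path = VERSION_RE.sub(f"/v{new_version}", parts.path, count=1)
    return urlunsplit(parts._replace(path=path))


def flatten(obj, prefix=""):
    """Flatten nested JSON into {"user.email": value, "items[0].id": value, ...}."""
    out = {}
    if isinstance(obj, dict):
        for k, v in obj.items():
            out.update(flatten(v, f"{prefix}.{k}" if prefix else k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            out.update(flatten(v, f"{prefix}[{i}]"))
    else:
        out[prefix] = obj
    return out


def leaked_fields(current: dict, older: dict) -> dict:
    """Fields present in the older version's response but absent from the current one."""
    cur, old = flatten(current), flatten(older)
    return {k: v for k, v in old.items() if k not in cur}


def sensitive(fields: dict) -> dict:
    """Subset of leaked fields whose final key name looks like a secret."""
    return {k: v for k, v in fields.items()
            if k.split(".")[-1].split("[")[0].lower() in SENSITIVE_KEYS}


def probe(url: str, transport, older_versions=(1, 0)) -> dict:
    """Fetch url, then each older version of it, and report what the old ones leak.

    transport(url) -> (status, body_bytes). Non-200 versions are skipped, so
    a version that was actually removed does not produce a false positive.
    """
    status, body = transport(url)
    current = json.loads(body) if status == 200 else {}
    report = {}
    for v in older_versions:
        old_url = rewrite_api_version(url, v)
        st, body = transport(old_url)
        if st != 200:
            continue
        leaked = leaked_fields(current, json.loads(body))
        if leaked:
            report[old_url] = {"leaked": leaked, "sensitive": sensitive(leaked)}
    return report


# Constructed canned responses standing in for a live API (hypothetical paths).
CANNED = {
    "https://api.example/api/v2/users?email=admin@libcurl.so":
        (200, b'{"user": {"id": 1, "email": "admin@libcurl.so", "role": "admin"}}'),
    "https://api.example/api/v1/users?email=admin@libcurl.so":
        (200, b'{"user": {"id": 1, "email": "admin@libcurl.so", "role": "admin", '
              b'"reset_password_url": "https://api.example/reset?token=EXAMPLE"}}'),
}


def canned_transport(url):
    """Offline stand-in for an HTTP client; unknown URLs behave like a removed version."""
    return CANNED.get(url, (404, b"{}"))


if __name__ == "__main__":
    report = probe("https://api.example/api/v2/users?email=admin@libcurl.so",
                   canned_transport)
    print(json.dumps(report, indent=2))
```

Against the canned data the report lists the v1 URL with `user.reset_password_url` under both `leaked` and `sensitive`, while v0 returns 404 and is silently skipped. When you point `probe` at a real target, diff status codes and headers as well as bodies, since an older version may also skip the authentication or rate limiting the current one enforces.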
