1. Главная
2. PseudoTime

HTTP Verb Tampering - Low Security Level

Solution:

*Note: I am using BurpSuite pre-configured browser, in case if you are not using the pre-configured browser then please configure the browser with proxy and then follow the below steps.

Step 1. Check the source code of the lesson page. Follow steps as shown in the video.
$_REQUEST[] method allows both methods POST and GET hence this vulnerability can be exploited.

Step 2. On the lesson page give password as bug and click on Change.

Step 3. Go to BurpSuite, right click and send the request to the Repeater tab.

Step 4. Change the POST with GET and make necessary changes as shown in the video.

Step 5. Click on Send and check details in the Response. (Refer video for more details).

PseudoTime

play_arrow

1,827,695

23 тыс

00:26:48

Long Beach vs UCSB Volleyball Highlights 2019

play_arrow

48

1

10 марта 2023 г.

play_arrow

673

3

эйвон добавить в заказ / Как добавить код в заказ AVON через Viber БОТ?

play_arrow

30,169,184

83 тыс

Anma Blue | Resort 2023 | Full Show

play_arrow

10,930

150

00:00:00

Ординатура: что я делаю после университета?

play_arrow

9,610

35

ODETTE CHURCHILL PREMIER

play_arrow

3,930

235

Объект 252У wot blitz | Брать не брать?

play_arrow

2,752

44

Почему всплывают тела в суспензии 1