can u do more analyzing the source code of the vulnerability and try to look it out and fix it

@intigriti

3 ай бұрын

Heyyy, quite often with these labs we don't get access to the source code but at the end of a topic we review the mitigations / defenses. Request noted though! Maybe I can put together some simple code snippets for some examples.

Great video buddy

@intigriti

3 ай бұрын

Thanks mate! 👊

@intigriti I don't get why reset_token was added to the field parameter? field=reset_token. Aren't they both parameters? What is the logic behind this?

@intigriti

2 күн бұрын

The "field" is indeed the parameter, but since we saw "email" was a valid value for the field parameter, it makes sense that other form fields on the page would also be accepted ("reset_token" in this case).

Yo awesome Im doing this now

@intigriti

2 күн бұрын

Nice! 👊

it's great video

@intigriti

3 ай бұрын

Thanks! 💜

well the lab solution seems to be way too unrealistic...what was even that?

@intigriti

3 ай бұрын

Which part? Is it not realistic that a company would have an internal API, not accessible through the internet? Or that they might pass some user input to that API? 🤔

@mnageh-bo1mm

3 ай бұрын

@@intigriti yes why would that even be an option? It's no longer about pollution.... It's simply undocumented functionality of the api

@intigriti

3 ай бұрын

Undocumented functionality is the source of many vulnerabilities! You could have an undocumented function with an XSS or SQLi vulnerability, why not one with a parameter pollution vuln? 🙂

@mnageh-bo1mm

3 ай бұрын

@@intigriti lmao u right thx 😔😔