Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Writeup: 2FA broken logic - Aleyna Doğan

Aleyna

Portswigger Lab

Writeup: 2FA broken logic

updated on

Lab link.

On the 2FA login pages, we send the MFA code, which is our last request. We leave only the verify component in the cookie value and make it carlos instead of wiener. When we send the request, we get the information that the MFA code is incorrect, which indicates that the system is vulnerable.

We can access the MFA code by brute-force attack.

Necessary cookie arrangements are made in the browser.

More Lab
Tags :

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir