Broken Authentication -> Account Takeover Via Multistage Login
Exploitation
This webapp has an authentication flaw that allows an attacker to take over the account of any registered user. We have been provided with the credentials of Joe, but our goal is to log in as Jane.
Let’s enter the credentials Joe:banana, click on submit and then intercept the request in Burp Suite.
Nothing interesting here, let’s forward the request.
Here we have been asked to enter the value of Tan #2, which was 4894. Let’s submit and intercept the request in Burp Suite.
Well, hidden_user looks like an interesting target to us; we will replace Joe with Jane and see if we can log in to Jane’s account.
Let’s forward the request.
Great! We have taken over Jane’s account.
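
The root cause behind this result, sketched as an added example that is not the application's own code: the second login stage takes the account name from the client-controlled hidden_user field instead of from server-side session state. The handler names, the session layout and Jane's values are assumptions made for illustration; the flawed handler is shown next to a hardened one.

```python
import hmac
import secrets

# Constructed sample data: Joe's values come from the walkthrough above,
# Jane's password and TAN are placeholders.
PASSWORDS = {"Joe": "banana", "Jane": "<placeholder>"}
TANS = {"Joe": {2: "4894"}, "Jane": {2: "0000"}}
SESSIONS = {}  # session id -> state kept on the server (hypothetical layout)


def stage1_password(user, password):
    """Stage 1: check the password and remember who passed it."""
    if not hmac.compare_digest(PASSWORDS.get(user, ""), password):
        return None
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"pending_user": user, "tan_index": 2, "user": None}
    return sid


def stage2_tan_vulnerable(sid, form):
    """Flawed stage 2 (assumed shape): the TAN is checked for the stage-1
    user, but the account logged in is read from the submitted form."""
    state = SESSIONS.get(sid)
    if state is None:
        return None
    expected = TANS[state["pending_user"]][state["tan_index"]]
    if not hmac.compare_digest(expected, form.get("tan", "")):
        return None
    state["user"] = form["hidden_user"]  # trusts the request body
    return state["user"]


def stage2_tan_fixed(sid, form):
    """Hardened stage 2: identity comes only from server-side state;
    any hidden_user value in the form is ignored."""
    state = SESSIONS.get(sid)
    if state is None or state["pending_user"] is None:
        return None
    user = state["pending_user"]
    expected = TANS[user][state["tan_index"]]
    if not hmac.compare_digest(expected, form.get("tan", "")):
        return None
    state["user"], state["pending_user"] = user, None  # stage is single use
    return user
```

With the hardened handler, the tampered request from the walkthrough logs in Joe rather than Jane, and replaying the second stage on the same session is rejected.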