From the interface I guess I should try to vote so let’s try it by clicking on the stars
This challenge is basically a “suggestion” to make use of source code, when available, to get as much information as possible
First of all send yourself a mail on WebWolf to get the reset link structure, put <username>@<anydomain> and press “Reset Password”
Second WebGoat challenge, we have to log in as Larry, let’s see what’s in here
The “Forgot Password” link is fake and not much in HTML source
Burp shows that, apart from the request to /WebGoat/Challenge5.lesson.lesson and its HTML, there is not much else when requesting the page
There is…
WebGoat SSRF 2
After watching this mind-blowing talk about SSRF from Orange Tsai
let’s see what’s in this lesson
