Today’s blog post is #7 in the BodgeIt Store series.
To view the blog post #6 click HERE.
Today’s topic is we’re going to change our password via a GET request.
Let’s get started.
We were able to log into the application without supplying a password – click HERE to read it.
Logging into the application as firstname.lastname@example.org’ OR ‘1’=’1
We get the following:
Clicking on the email@example.com link we see:
Let’s view the page source of the webpage:
We see that the update password is looking for a POST, but we need to send it as a GET. How are we going to solve this?
Let’s do a right click on one of the text boxes and select “inspect element”.
From there we see:
Double clicking on the form method we’re going to change the method from POST to GET.
Going back to the password page, we can select the password to anything. I am going to use “hello”, and press “Submit”
We we’re able to change our password, through a GET request.
Let’s see if our solution was accepted.
Our solution was accepted (as the challenge is now green)!