Unsecured Login2
[PCAP]
Unsecured Login2
We caught someone logging into their website, but they didn't check their links when submitting data!
Recon
Packet 137
contains:
Hypertext Transfer Protocol
GET /login.php?user=admin&pass=flag%7Bensure_https_is_always_used%7D HTTP/1.1\r\n
Host: 192.168.23.46\r\n
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n
Accept-Language: en-US,en;q=0.5\r\n
Accept-Encoding: gzip, deflate\r\n
Connection: keep-alive\r\n
Cookie: PHPSESSID=g9it34ivklcg3kvfo3vo54bvkv\r\n
Upgrade-Insecure-Requests: 1\r\n
\r\n
[Full request URI: http://192.168.23.46/login.php?user=admin&pass=flag%7Bensure_https_is_always_used%7D]
[HTTP request 7/8]
[Prev request in frame: 115]
[Response in frame: 138]
[Next request in frame: 152]
Flag
flag{ensure_https_is_always_used}