2FA simple bypass
https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice/authentication-apprentice/authentication/multi-factor/lab-2fa-simple-bypass
Description
This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, access Carlos's account page.
Your credentials:
wiener:peter
Victim's credentials
carlos:montoya
Solution

Starting the login as the wiener user: after entering the username and password, the system asks us for a 4-digit security code.

We can get the numeric security code by clicking the Email client button:

Entering it in the dedicated field, we log in correctly as 'wiener':
Save the page URL: https://0a6b0064035e981b809621c7009f0018.web-security-academy.net/my-account?id=wiener
Checking the requests, there are two login forms:
the 'Login' page:

and the 'Login2' page, with the GET method:

and with the POST method:

All clear. Log out of wiener's account and try to log in to carlos's account (carlos:montoya):

Clicking the "Email client" button, we can't see the dedicated code message.
Recalling the URL saved for the 'wiener' account, we can change the id parameter manually and skip the 2FA check, solving the lab:
https://0a6b0064035e981b809621c7009f0018.web-security-academy.net/my-account?id=carlos
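The root cause behind this lab is that the application treats the session as fully logged in as soon as the password step succeeds, so the /login2 step is just a page that can be skipped. The following model is an added example written for this write-up, not code from PortSwigger or from the lab: it simulates the two login steps with an in-memory session (the VulnerableApp, HardenedApp and Session names, the status codes and the user store are all constructed assumptions) and places the flawed flow beside a hardened one, where the session only becomes a principal after the 2FA code is verified, and the id parameter cannot override who the session belongs to.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory user store with the lab's two accounts (hypothetical model).
USERS = {"wiener": "peter", "carlos": "montoya"}


@dataclass
class Session:
    """Server-side session. 'user' is set only once the session may act as that user."""
    user: Optional[str] = None          # fully authenticated principal
    pending_user: Optional[str] = None  # password accepted, 2FA still outstanding
    pending_code: Optional[str] = None  # the 4-digit code that was 'mailed' to the user
    mfa_passed: bool = False


def _check_password(username: str, password: str) -> bool:
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


def _issue_code() -> str:
    return f"{secrets.randbelow(10_000):04d}"


class VulnerableApp:
    """Models the lab's flaw: /login marks the session as logged in before /login2 runs."""

    def login(self, s: Session, username: str, password: str) -> int:
        if not _check_password(username, password):
            return 403
        s.user = username                # already fully authenticated at this point
        s.pending_code = _issue_code()
        return 302                       # redirect to /login2

    def login2(self, s: Session, code: str) -> int:
        if s.pending_code is None or not hmac.compare_digest(s.pending_code, code):
            return 403
        s.mfa_passed = True
        return 302

    def my_account(self, s: Session, user_id: str) -> int:
        if s.user is None:
            return 401
        return 200                       # never checks mfa_passed, so /login2 is skippable


class HardenedApp:
    """Two-state session: the principal is only set after the 2FA code is verified."""

    def login(self, s: Session, username: str, password: str) -> int:
        if not _check_password(username, password):
            return 403
        s.user = None                    # nothing is granted yet
        s.pending_user = username
        s.pending_code = _issue_code()
        return 302

    def login2(self, s: Session, code: str) -> int:
        if s.pending_user is None or s.pending_code is None:
            return 400                   # no password step happened on this session
        if not hmac.compare_digest(s.pending_code, code):
            return 403
        s.user, s.mfa_passed = s.pending_user, True
        s.pending_user = s.pending_code = None   # the code is single-use
        return 302

    def my_account(self, s: Session, user_id: str) -> int:
        if s.user is None or not s.mfa_passed:
            return 401                   # half-authenticated sessions get nothing
        if user_id != s.user:
            return 403                   # the id parameter must not override the session
        return 200


def bypass_attempt(app) -> int:
    """Password step only, then straight to /my-account?id=carlos, as in the write-up."""
    s = Session()
    assert app.login(s, "carlos", "montoya") == 302
    return app.my_account(s, "carlos")


def full_login(app) -> int:
    """Password step, then the correct code, then /my-account."""
    s = Session()
    app.login(s, "wiener", "peter")
    app.login2(s, s.pending_code)        # the harness reads the code the server issued
    return app.my_account(s, "wiener")
```

Running bypass_attempt against VulnerableApp returns 200, reproducing the lab; against HardenedApp it returns 401, because /my-account refuses any session that has not passed /login2. A useful detection signal for the same flaw in a real application is a request to a post-login page from a session that has a /login record but no /login2 record.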
