WEBVTT

00:01.300 --> 00:05.660
Now, in this lesson, we will continue with a vulnerability in the login mechanism.

00:06.370 --> 00:12.460
Sometimes developers add a temporary account, were a method for testing purposes and then forget to

00:12.460 --> 00:14.830
remove them before publishing the app.

00:15.370 --> 00:16.510
Who would do that?

00:18.060 --> 00:18.890
Let's get started.

00:20.120 --> 00:24.920
So first, let's make sure that Android emulator and the application server are running.

00:26.840 --> 00:33.170
Now let's take a closer look at the perform log-in method of the Lorgat activity that's launched when

00:33.170 --> 00:34.550
the login button is selected.

00:36.430 --> 00:45.040
So the perform log in is a method that creates a new intent, which launches the do log in activity

00:45.700 --> 00:51.340
and then passes the credentials entered by the user as the parameters to this activity.

00:52.550 --> 00:54.200
So we'll go with this activity.

00:55.940 --> 00:59.480
Hmmm, where's the dialogue in activity?

01:00.510 --> 01:01.830
Yup, it is.

01:06.640 --> 01:12.490
But what we're actually looking for isn't here, so let's check the others.

01:20.510 --> 01:25.740
Ah, here is a very interesting method called post data.

01:26.930 --> 01:30.660
So this method is used to send the login credentials to the server.

01:31.460 --> 01:38.210
Now, hopefully you can see here that if we enter the username dev admin and then the credentials would

01:38.210 --> 01:43.040
be sent to a different endpoint called slash dev login.

01:43.880 --> 01:47.480
And that's how we can log in successfully.

01:48.890 --> 01:50.330
Let's go ahead and check it out.

01:52.230 --> 01:56.160
Enter Deve admen for the username without a password.

02:03.010 --> 02:08.000
What do you think we logged in without a password and yeah, that's really fun.

02:08.020 --> 02:09.490
It can be exhilarating to.