bugcrowd_university icon indicating copy to clipboard operation
bugcrowd_university copied to clipboard
verified publisher icon bugcrowd

Specify difficulty levels in bWapp

Open epi052 opened this issue 7 years ago • 2 comments

Hello,

First off, thank you for creating this content! While going through the broken access control labs, specifically IDOR (Change Secret), I saw that there are different levels of difficulty. Low security was trivial, then medium security was a random number sha1'd (found by looking at the server's source). I believe the intent for medium/hard on that challenge is to use SQLi (could definitely be mistaken).

My suggestion is that in the event of varying levels of difficulty, lab guides should specify to what degree BCU expects us to complete them, i.e. low and medium, all levels, or just low, etc...

Thank you again, I'm looking forward to the upcoming sections!

~epi

epi052 avatar Oct 12 '18 11:10 epi052

Thanks @epi052 I will add that to the next release!

jhaddix avatar Oct 12 '18 23:10 jhaddix

Your the man! @jhaddix

AnonX31st avatar Dec 05 '18 04:12 AnonX31st