bugcrowd / bugcrowd_university

Open source education content for the researcher community
https://www.bugcrowd.com/university
Creative Commons Attribution 4.0 International

Specify difficulty levels in bWapp #3

Open epi052 opened 5 years ago

epi052 commented 5 years ago

Hello,

First off, thank you for creating this content! While going through the broken access control labs, specifically IDOR (Change Secret), I saw that there are different levels of difficulty. Low security was trivial, then medium security was a random number sha1'd (found by looking at the server's source). I believe the intent for medium/hard on that challenge is to use SQLi (could definitely be mistaken).

My suggestion is that in the event of varying levels of difficulty, lab guides should specify to what degree BCU expects us to complete them, i.e. low and medium, all levels, or just low, etc...

Thank you again, I'm looking forward to the upcoming sections!

~epi

jhaddix commented 5 years ago

Thanks @epi052 I will add that to the next release!

AnonX31st commented 5 years ago

You're the man! @jhaddix