bWAPP, or a buggy web application, is a deliberately insecure web application.
bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. It prepares you to conduct successful penetration testing and ethical hacking projects. It is for educational purposes only.
What makes bWAPP so unique? Well, it has over 60 web bugs!
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!
The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.
You can download bWAPP from here. Have fun!
It's also possible to download our bee-box, a custom Linux VM pre-installed with bWAPP.
Insecure Direct Object Ref. (Secret)
Here you can change the Secret of your own user.
A closer look at the request with Tamper.
We can see that we can change the user too.
Now change the user to an existing user and change their Secret.
Changed, perfect.
Last, check whether it worked.
Well done
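To make the bug behind this exercise concrete, here is an added example (not bWAPP's own PHP, which is not shown on this page): a minimal "change secret" handler in its vulnerable and fixed form, plus a log check that flags requests where the session user and the login named in the form disagree. The user table, log format and field names are constructed for the example.

```python
"""Added example (not bWAPP's own code): the 'Insecure Direct Object Ref.
(Secret)' bug modelled as a small handler, its fixed form, and a log check.
All data below is constructed in memory."""

# Constructed user table: login -> secret
SAMPLE_USERS = {"bee": "bee's secret", "alice": "alice's secret"}

def update_secret_vulnerable(users, session_login, form):
    """Vulnerable: trusts the 'login' field posted by the client, so tampering
    with it (as in the walkthrough) rewrites another user's secret."""
    target = form["login"]
    users[target] = form["secret"]
    return target

def update_secret_fixed(users, session_login, form):
    """Fixed: the object reference comes from the server-side session; a
    client-supplied login that disagrees with the session is refused."""
    if form.get("login") not in (None, session_login):
        raise PermissionError(
            f"session user {session_login!r} tried to modify {form['login']!r}")
    users[session_login] = form["secret"]
    return session_login

# Constructed application log lines in a simple key=value format
SAMPLE_LOG = [
    "ts=1 session_user=bee form_login=bee action=change_secret status=200",
    "ts=2 session_user=bee form_login=alice action=change_secret status=200",
    "ts=3 session_user=alice form_login=alice action=change_secret status=200",
]

def find_idor_attempts(lines):
    """Detection: return (ts, session_user, form_login) for every change_secret
    request in which the authenticated user differs from the login in the form."""
    hits = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("action") != "change_secret":
            continue
        if fields["session_user"] != fields["form_login"]:
            hits.append((fields["ts"], fields["session_user"], fields["form_login"]))
    return hits

if __name__ == "__main__":
    users = dict(SAMPLE_USERS)
    update_secret_vulnerable(users, "bee", {"login": "alice", "secret": "changed"})
    print("vulnerable handler left alice with:", users["alice"])
    try:
        update_secret_fixed(users, "bee", {"login": "alice", "secret": "x"})
    except PermissionError as err:
        print("fixed handler refused:", err)
    print("suspicious requests:", find_idor_attempts(SAMPLE_LOG))
```

Line 2 of the constructed log is exactly the tampered request from the walkthrough; in a real deployment the same mismatch check belongs in the handler, with the log rule as a second line of detection.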
I can't see the image... please add it again, as your blog is helping me a lot. Kindly do it ASAP, thank you.