2FA simple bypass
Let's login to our account using the following credentials:
| Username | Password |
|---|---|
| wiener | peter |
If we clink on Email client we can view our security code.
Now, let's login using the following credentials:
| Username | Password |
|---|---|
| carlos | montoya |
Once logged in, we can set the URI to the following:
https://0a54007304ac552080c7d5ba00640023.web-security-academy.net/my-account
By doing so, we are entering the logged-in state that the wiener user was in.
We have solved the lab.