Authentication & Authorization Lab 2

I’m working Lab 2 (task 3) of Authentication and Authorization. I’m sending authenticated and unauthenticated requests with Repeater. The unauthenticated requests should be getting “302 Moved Temporarily” but they’ve been returning “302 Found”. I’ve been removing the PHPSESSID cookie before sending the request but I’m still getting “Found”. Anyone else run into this?

Hello,

Apologies for the inconvenience and thank you for notifying us of this.

After analyzing the lab in question and the consequent tasks in their entirety, the reason the response in the screenshot differs from your response is primarily because the target server hosting the web application in the documentation was running on Windows and the server hosting the web app in the lab is running on Linux (Debian to be specific).

The reason for the difference in the HTTP response code comes down to redirection and the configuration of the web application.
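Both "Moved Temporarily" and "Found" are reason phrases for the same status code, 302, so the authenticated/unauthenticated comparison in this thread should key on the code and the `Location` header rather than the phrase. The following is an added example, not part of the course material or of any post here; the sample responses and the `login.php` path are constructed assumptions.

```python
# Constructed raw responses (not captured from the lab): same status code,
# different reason phrase, as described in the thread.
RESP_DOC = b"HTTP/1.1 302 Moved Temporarily\r\nLocation: login.php\r\n\r\n"
RESP_LAB = b"HTTP/1.1 302 Found\r\nLocation: login.php\r\n\r\n"
RESP_OK = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>page</html>"

def parse_response(raw):
    """Split a raw HTTP/1.x response into (code, reason, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    reason = parts[2] if len(parts) == 3 else ""  # the reason phrase may be absent
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), reason, headers, body

def same_outcome(raw_a, raw_b):
    """True when two responses agree on status code and redirect target.
    The reason phrase is deliberately ignored: it is free text."""
    code_a, _, hdr_a, _ = parse_response(raw_a)
    code_b, _, hdr_b, _ = parse_response(raw_b)
    return (code_a, hdr_a.get("location")) == (code_b, hdr_b.get("location"))

def classify_unauthenticated(raw, login_path="login.php"):
    """Describe what a request without a session cookie received.
    login_path is a hypothetical redirect target, not taken from the lab."""
    code, _, headers, _ = parse_response(raw)
    if code in (301, 302, 303, 307, 308):
        if login_path in headers.get("location", ""):
            return "redirected-to-login"
        return "redirected-elsewhere"
    if code in (401, 403):
        return "denied"
    if 200 <= code < 300:
        return "served"
    return "other"

if __name__ == "__main__":
    for label, raw in (("doc", RESP_DOC), ("lab", RESP_LAB), ("ok", RESP_OK)):
        code, reason, _, _ = parse_response(raw)
        print(label, code, repr(reason), classify_unauthenticated(raw))
    print("doc and lab equivalent:", same_outcome(RESP_DOC, RESP_LAB))
```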

I really appreciate the detailed response! This is an example of what’s so frustrating about the course. I’m working through the labs and come across something like this. Then I feel like I can’t progress further because I need to post in the community forums, the Discord, email support, have them contact you etc. I lose days in this and it really kills my progress in the course.

Thanks again!

I apologize for the inconvenience. We appreciate your feedback and are working hard on updating the courses and the labs.

If you have any other issues related to the content or the labs, feel free to create a post on the forum and I will provide you with a response as soon as possible as I will be active on the forum.

Well, I’m back again. On to the next section where you try to exploit the SQLi vulnerability and it turns out the solution section is flat out wrong. On community.ine.com someone responds “did you try --risk and --level flags, etc?” when that isn’t part of the solution. So yet again, the solution section is wrong! How am I supposed to get through this course if the content continues to be WRONG?

Hello, apologies for the inconvenience. As you know, I recently joined INE, and we are working on getting the labs functional and ensuring that the questions and solutions match.

I will personally test the lab and implement a solution.