🔐 Authentication Vulnerability Lab

This lab demonstrates authentication and access control vulnerabilities.

🔴 Weak client-side authentication
🟠 Insecure session storage (localStorage)
🔴 Broken access control

🔐 Login (Vulnerable)

⚔️ Exploit

Open DevTools → Console
Run: localStorage.setItem("isLoggedIn", "true")
Refresh page
Access without login

💥 Impact

Unauthorized access
Session bypass
Client-side auth is insecure

🧠 Vulnerability Breakdown

🔴 Weak Authentication

Login logic is fully client-side and can be modified.


        login = function() {
        document.getElementById("message").textContent = "Login successful";
        }

🟠 Insecure Session

Session stored in localStorage can be manipulated.


        localStorage.setItem("isLoggedIn", "true");