Was that your own email account you logged in to?
adamdmasi 2 years ago
Pynthon here: ooob1 interesting movie! Do you also use Web2py or did you just use it for this example?
Zenzodiene 2 years ago
Thanks for the kind comments... yes, I'm a web2py user.
ooob1 2 years ago
This is an excellent video about a known type of vulnerability that can be introduced by the programmer in many web applications.
In your example you use web2py to create the vulnerability and demonstrate how to exploit it.
web2py provides a field type called "password" that prevents sending the password back to the browser and thus prevents this vulnerability.
The web2py built-in authentication mechanism (which you are not using) avoids the vulnerability using such a mechanism.
massimodipierro 2 years ago
Yes, I had to go through unusual mechanisms to create that webapp ;-) I used web2py just because it's a great framework.
By default, as you explain, web2py does not allow you to create such vulnerable code. The demo is not meant to show vulnerabilities in web2py, but rather generic issues found in web applications and how Acunetix WVS can be used to demonstrate these vulnerabilities.
ooob1 2 years ago
That was real good
fakersden 2 years ago