Method-based access control can be circumvented

https://portswigger.net/web-security/access-control/lab-method-based-access-control-can-be-circumvented

Let's log in as the admin using the following credentials:

Username: administrator
Password: admin

We can now upgrade the carlos user to admin.

Since we are proxying the traffic through Burp Suite, we will be able to view this request in the Proxy > HTTP History tab.

Let's forward this request to the Repeater for further modification.

Next, let's log out and log back in using the following credentials:

Username: wiener
Password: peter

We can go to the Proxy > HTTP History tab to get the session cookie.

Now, let's go back to the Repeater tab and change the request method to POST.

Next, we have to replace the session cookie with the one from the wiener user's request. We also have to set the username parameter to the following:

wiener

Let's go and check the browser.

We have solved the lab.
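The root cause of this lab is an authorization check that is tied to one HTTP method rather than to the endpoint itself. The following is an added example, not the lab's code or the write-up author's: a framework-free model of an "admin roles" handler whose admin check only runs for POST, placed beside a corrected handler that decides authorization before looking at the method. The `Request` class, the session and user tables, and the `action`/`username` parameter names are all constructed for illustration.

```python
# Added example: a framework-free model of an "admin roles" endpoint whose
# authorization check is tied to the HTTP method, beside the corrected handler.
# Everything here (Request, fresh_users, SESSIONS, the parameter names
# "action"/"username") is constructed for illustration and is not the lab's code.
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)   # query string or form body


# Constructed session store: session cookie value -> username
SESSIONS = {"sess-admin": "administrator", "sess-wiener": "wiener"}


def fresh_users():
    """Constructed user table (username -> role), fresh per scenario."""
    return {"administrator": "admin", "wiener": "user", "carlos": "user"}


def current_user(req):
    return SESSIONS.get(req.cookies.get("session"))


def upgrade_user(users, req):
    """Shared business logic: validate parameters and promote the target."""
    target = req.params.get("username")
    if req.params.get("action") != "upgrade" or target not in users:
        return 400                      # missing or invalid parameter
    users[target] = "admin"
    return 302                          # redirect back to the admin panel


def admin_roles_vulnerable(users, req):
    """Vulnerable: the admin check only runs for POST. Any other method the
    handler still accepts (here GET) reaches the business logic unchecked."""
    if current_user(req) is None:
        return 401
    if req.method == "POST" and users.get(current_user(req)) != "admin":
        return 401
    if req.method not in ("GET", "POST"):
        return 400                      # parameters are not read for other methods
    return upgrade_user(users, req)


def admin_roles_fixed(users, req):
    """Fixed: authorization is decided first and does not depend on the method;
    the state-changing action is then accepted only over POST."""
    user = current_user(req)
    if user is None or users.get(user) != "admin":
        return 401
    if req.method != "POST":
        return 405                      # method not allowed, and no side effect
    return upgrade_user(users, req)


def run_scenarios():
    """Return {scenario: (status, role of wiener afterwards)} for both handlers."""
    attempt = {"username": "wiener", "action": "upgrade"}
    results = {}
    for name, handler in (("vulnerable", admin_roles_vulnerable),
                          ("fixed", admin_roles_fixed)):
        for method in ("POST", "GET"):
            users = fresh_users()
            req = Request(method, {"session": "sess-wiener"}, attempt)
            status = handler(users, req)
            results[f"{name}/{method}/wiener"] = (status, users["wiener"])
        users = fresh_users()
        status = handler(users, Request("POST", {"session": "sess-admin"}, attempt))
        results[f"{name}/POST/admin"] = (status, users["wiener"])
    return results


if __name__ == "__main__":
    for key, (status, role) in sorted(run_scenarios().items()):
        print(f"{key:24} status={status} wiener_role={role}")
```

The vulnerable handler turns a low-privileged POST away with 401 but lets the same parameters through on GET, which is exactly the gap the lab exercises. The fix moves the role check ahead of any method branching so every path through the endpoint is covered, and then rejects non-POST requests for a state-changing action with 405 rather than processing them. A cheap regression check for this class of bug is to replay each privileged request with every method the framework accepts and assert that the response and the resulting state are identical for an unprivileged session.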
