Multi-step process with no access control on one step
https://portswigger.net/web-security/access-control/lab-multi-step-process-with-no-access-control-on-one-step
Last updated
https://portswigger.net/web-security/access-control/lab-multi-step-process-with-no-access-control-on-one-step
Last updated
Let's login as the admin using the following credentials:
Username | Password |
---|---|
administrator | admin |
Let's now promote the carlos
user to admin.
Since we are proxying the traffic through Burp Suite, we can view this request in the Proxy > HTTP History
tab.
Let's forward this request to the Repeater
for further modification.
Next, let's login using the following credentials:
Username | Password |
---|---|
wiener | peter |
Let's view the session cookie in the Proxy > HTTP History
tab.
We now have to replace the session cookie in the Repeater
tab with the wiener
user's session cookie.
We also have to the set the username
parameter to the following:
Let's go check in the browser.
We have solved the lab.