Referer-based access control
https://portswigger.net/web-security/access-control/lab-referer-based-access-control
Last updated
https://portswigger.net/web-security/access-control/lab-referer-based-access-control
Last updated
We can login as the admin using the following credentials:
Username | Password |
---|---|
administrator | admin |
Let's go to the admin panel and upgrade the carlos
user.
Since we are proxying the traffic through Burp Suite, we can go to the Proxy > HTTP History
tab to view the request.
Notice that the request contains the Refered
header set to the following:
That tells the server that the request is coming from the /admin
page which can only be accessed by the administrator.
Let's forward this request to the Repeater
for further modification.
Next, let's logout and login using the following credentials:
Username | Password |
---|---|
wiener | peter |
We now have to replace the session cookie in the Repeater
tab with the wiener
user's session cookie and set the username
parameter to the following:
Since we included the Referer
header, the server upgraded our user.
Let's check in the browser.
We have solved the lab.