Referer-based access control
https://portswigger.net/web-security/access-control/lab-referer-based-access-control
Last updated
https://portswigger.net/web-security/access-control/lab-referer-based-access-control
Last updated
We can login as the admin using the following credentials:
| Username | Password |
|---|---|
administrator | admin |
Let's go to the admin panel and upgrade the carlos user.
Since we are proxying the traffic through Burp Suite, we can go to the Proxy > HTTP History tab to view the request.
Notice that the request contains the Refered header set to the following:
That tells the server that the request is coming from the /admin page which can only be accessed by the administrator.
Let's forward this request to the Repeater for further modification.
Next, let's logout and login using the following credentials:
| Username | Password |
|---|---|
wiener | peter |
We now have to replace the session cookie in the Repeater tab with the wiener user's session cookie and set the username parameter to the following:
Since we included the Referer header, the server upgraded our user.
Let's check in the browser.
We have solved the lab.
