User ID controlled by request parameter
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter
Let's log in using the following credentials:
Username | Password |
---|---|
wiener | peter |
Since we are proxying the traffic through Burp Suite, we can view this request by going to `Proxy > HTTP History`.
We can see that the request contains a parameter called `id`, which is set to `wiener`. Let's forward the request to the `Repeater` and set the `id` parameter to the following:
We can now submit this API key through the browser.
We have solved the lab.
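
The server-side cause of what this lab shows, and its fix, as an added example that is not part of the original write-up or the lab's code: a handler that picks the account from the client-supplied `id` parameter, next to one that binds the lookup to the authenticated session and records mismatches. The account data, session token, the `other-user` name and all function names are constructed for illustration.

```python
# Constructed sample data: illustrative only, not taken from the lab.
ACCOUNTS = {
    "wiener": {"api_key": "EXAMPLE-KEY-WIENER"},
    "other-user": {"api_key": "EXAMPLE-KEY-OTHER"},
}
SESSIONS = {"sess-wiener": "wiener"}  # session token -> authenticated username
_DENIED = []  # (session user, requested id) pairs, kept for detection/alerting


def my_account_vulnerable(session_token, params):
    """Checks that a session exists, then trusts `id` to choose the account."""
    if session_token not in SESSIONS:
        return 401, None
    account = ACCOUNTS.get(params.get("id"))
    if account is None:
        return 404, None
    # No comparison between the session's user and the requested id.
    return 200, account["api_key"]


def my_account_hardened(session_token, params):
    """Serves only the session owner's account; a mismatching `id` is refused."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None
    requested = params.get("id", user)
    if requested != user:
        _DENIED.append((user, requested))  # audit trail for cross-account reads
        return 403, None
    return 200, ACCOUNTS[user]["api_key"]


def denied_events():
    """Returns a copy of the recorded cross-account attempts."""
    return list(_DENIED)


if __name__ == "__main__":
    for handler in (my_account_vulnerable, my_account_hardened):
        for requested_id in ("wiener", "other-user"):
            status, _ = handler("sess-wiener", {"id": requested_id})
            print(f"{handler.__name__:24} id={requested_id:11} -> {status}")
    print("denied:", denied_events())
```

The hardened handler returns the same 403 whether or not the requested account exists, so the response does not reveal which usernames are valid.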