User ID controlled by request parameter

https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter

Let's log in using the following credentials:

Username: wiener
Password: peter

Since we are proxying the traffic through Burp Suite, we can view this request by going to Proxy > HTTP History.

We can see that the request contains a parameter called id which is set to wiener. Let's forward the request to the Repeater and set the id parameter to the following:

carlos

The response to the modified request is the account page for carlos, which includes his API key. We can now submit this API key through the browser.

We have solved the lab.
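Why changing the id parameter works, and what the server-side fix and a matching detection look like, as an added example that is not part of the original write-up or the lab's code. The /my-account path, the session tokens, the function names and the placeholder API keys are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed account store; API keys are placeholders, not real lab values.
ACCOUNTS = {
    "wiener": {"api_key": "PLACEHOLDER-KEY-WIENER"},
    "carlos": {"api_key": "PLACEHOLDER-KEY-CARLOS"},
}
# Constructed session store: session token -> authenticated username.
SESSIONS = {"sess-wiener": "wiener"}


def requested_id(url, default=None):
    """Extract the id query parameter from a request URL."""
    return parse_qs(urlsplit(url).query).get("id", [default])[0]


def my_account_vulnerable(session_token, url):
    """Checks only that a session exists, then trusts id from the request."""
    if session_token not in SESSIONS:
        return 401, None
    account = ACCOUNTS.get(requested_id(url, ""))
    return (200, account["api_key"]) if account else (404, None)


def my_account_hardened(session_token, url):
    """Identity comes from the session; an id naming another user is refused."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None
    if requested_id(url, user) != user:
        return 403, None
    return 200, ACCOUNTS[user]["api_key"]


def flag_id_mismatches(log_entries):
    """Detection: (session owner, requested id) pairs where the two differ."""
    hits = []
    for token, url in log_entries:
        owner, asked = SESSIONS.get(token), requested_id(url)
        if owner and asked and asked != owner:
            hits.append((owner, asked))
    return hits
```

The hardened handler never needs the id parameter to decide whose data to return; it is read only so that a mismatch can be rejected and logged.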
