User ID controlled by request parameter, with unpredictable user IDs
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-unpredictable-user-ids
Last updated
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-unpredictable-user-ids
Last updated
We can login using the following credentials:
| Username | Password |
|---|---|
wiener | peter |
Since we are proxying the traffic through Burp Suite, we can go to Proxy > HTTP History in order to view the request.
As we can see, the request contains an id parameter. In order to access the carlos user's API key we will first need to find his GUID.
First let's forward this request to the Repeater for later modification.
Then let's look for some post written by the carlos user.
We can now view the user's profile.
Let's read this request in the Proxy > HTTP History tab.
Now that we have the GUID, we can go to the Repeater and set the id parameter to the carlos user's GUID and send the request.
Let's submit the API key.
We have solved the lab.
