User ID controlled by request parameter, with unpredictable user IDs
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-unpredictable-user-ids
We can log in using the following credentials:

| Username | Password |
|---|---|
| wiener | peter |
Since we are proxying the traffic through Burp Suite, we can go to Proxy > HTTP History in order to view the request.

As we can see, the request contains an `id` parameter. In order to access the carlos user's API key we will first need to find his GUID.

First, let's forward this request to the Repeater for later modification.

Then let's look for a post written by the carlos user.

We can now view the user's profile.

Let's read this request in the Proxy > HTTP History tab.

Now that we have the GUID, we can go to the Repeater, set the `id` parameter to the carlos user's GUID and send the request.

Let's submit the API key.

We have solved the lab.