User role controlled by request parameter

https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter

We can log in using the following credentials:

Username: wiener
Password: peter

Since we are proxying the traffic through Burp Suite, we can see this request in the Proxy > HTTP History tab.

As we can see, the response sets an Admin cookie to false.

In the next request, we can see that the Admin cookie is sent back to the server in the Cookie header.

Let's go into the browser Developer Tools > Storage and set the Admin cookie to true.

We can now refresh the page.

We now have access to the admin panel.

Let's delete the carlos user.

We have solved the lab.
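The root cause behind this lab and its fix, as an added example that is not part of the original write-up or of PortSwigger's code: a role check that trusts the client-supplied Admin cookie, beside a hardened check that resolves the role only from server-side session state, plus a log check a defender could run to spot role cookies that disagree with the session's real role. The session ids, usernames, paths and function names are assumed stand-ins.

```python
# Added example (not from the original lab write-up). The lab's flaw is that the
# server derives the user's role from a client-controlled "Admin" cookie. Below, the
# vulnerable check sits beside a hardened one that resolves the role from server-side
# session state, plus a defender's check that flags tampered role cookies in logs.
# All identifiers are hypothetical stand-ins for the lab's real implementation.

# Constructed server-side state: opaque session id -> username, username -> role.
SESSIONS = {"sid-wiener": "wiener", "sid-admin": "administrator"}
ROLES = {"wiener": "user", "administrator": "admin"}


def is_admin_vulnerable(cookies):
    """Trusts whatever the client sends: Admin=true is enough to reach the admin panel."""
    return cookies.get("Admin", "false").lower() == "true"


def is_admin_fixed(cookies):
    """Ignores any role claim in the request; the role comes only from server-side state."""
    user = SESSIONS.get(cookies.get("session", ""))
    return user is not None and ROLES.get(user) == "admin"


def admin_panel(cookies, check):
    """Stand-in for the /admin handler: returns the HTTP status for the given role check."""
    return 200 if check(cookies) else 401


def find_tampered_role_cookies(requests):
    """Defender's log check: requests whose Admin cookie claims a role the session lacks."""
    flagged = []
    for req in requests:
        user = SESSIONS.get(req["cookies"].get("session", ""))
        claimed = req["cookies"].get("Admin", "false").lower() == "true"
        actual = user is not None and ROLES.get(user) == "admin"
        if claimed and not actual:
            flagged.append((req["path"], user))
    return flagged


# Constructed request mirroring the write-up: wiener's Admin cookie flipped to true.
WIENER_TAMPERED = {"session": "sid-wiener", "Admin": "true"}

if __name__ == "__main__":
    print(admin_panel(WIENER_TAMPERED, is_admin_vulnerable))  # 200: cookie is trusted
    print(admin_panel(WIENER_TAMPERED, is_admin_fixed))       # 401: role from server state
    print(find_tampered_role_cookies([{"path": "/admin", "cookies": WIENER_TAMPERED}]))
```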
