User role controlled by request parameter
https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
Last updated
https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
Last updated
We can login using the following credentials:
| Username | Password |
|---|---|
wiener | peter |
Since we are proxying the traffic through Burp Suite, we can see this request in the Proxy > HTTP History tab.
As we can see, the response sets an Admin cookie to false.
In the next request, we can see that the cookie is used in the header.
Let's go into the browser Developer Tools > Storage and set the Admin cookie to true.
We can now refresh the page.
We now have access to the admin panel.
Let's delete the carlos user.
We have solved the lab.
