User role controlled by request parameter
https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
Last updated
We can log in using the following credentials:

| Username | Password |
|---|---|
| wiener | peter |
Since we are proxying the traffic through Burp Suite, we can see this request in the Proxy > HTTP History tab.

As we can see, the response sets an `Admin` cookie to `false`. The application is storing the user's role in a cookie that the client controls.
In the next request, we can see that the cookie is sent back to the server in the `Cookie` header.

Let's go into the browser Developer Tools > Storage and set the `Admin` cookie to `true`.
We can now refresh the page.
We now have access to the admin panel.
Let's delete the `carlos` user.
We have solved the lab.
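The flaw behind this lab, as an added example that is not part of the lab or of PortSwigger's code: a handler that trusts a client-supplied `Admin` cookie, next to one that resolves the role server-side from an opaque session id. The session store, user directory and handler names are hypothetical; the cookie names mirror the lab.

```python
# Added example (not from the lab or PortSwigger). Two versions of the admin-panel
# check: the first reads the role from the "Admin" cookie the browser sends, so
# editing the cookie grants access; the second derives the role from a server-side
# session record, so client-side cookie edits cannot change it.
from dataclasses import dataclass, field

# Constructed server-side state (hypothetical): session id -> username, and the
# user directory that holds the real role for each account.
SESSIONS = {"sess-wiener-1": "wiener", "sess-admin-1": "administrator"}
USERS = {
    "wiener": {"role": "user"},
    "administrator": {"role": "admin"},
    "carlos": {"role": "user"},
}


@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)


def admin_panel_vulnerable(req: Request) -> int:
    """Role taken from the client-controlled 'Admin' cookie (the lab's mistake)."""
    if req.cookies.get("Admin") == "true":
        return 200
    return 401


def admin_panel_fixed(req: Request) -> int:
    """Role resolved server-side from the session id; an 'Admin' cookie is ignored."""
    username = SESSIONS.get(req.cookies.get("session", ""))
    if username is None:
        return 401  # no valid session: not authenticated at all
    if USERS[username]["role"] != "admin":
        return 403  # authenticated, but not authorised for the admin panel
    return 200


def delete_user(req: Request, target: str) -> bool:
    """Admin action behind the panel, gated by the fixed check. True if deleted."""
    if admin_panel_fixed(req) != 200:
        return False
    USERS.pop(target, None)
    return True
```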