7.3 Lab: User role controlled by request parameter | 2023

9 months ago 50
BOOK THIS SPACE FOR AD
ARTICLE AD

This Lab has an admin panel at /admin, which is using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos | Karthikeyan Nagaraj

Karthikeyan Nagaraj

This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie.

Solve the lab by accessing the admin panel and using it to delete the user carlos.

You can log in to your own account using the following credentials: wiener:peter

Log In with the credentials wiener:peterChange the Value of Admin Cookie to True and Refresh the pageNow you can access admin panel and you can delete the user Carlos to solve the lab
Log In with the credentials wiener:peterNow, Enable the proxyIn the Request Right Click > Do Intercept > Response to this requestNow on the response you can able to see the admin cookie’s value set to falseChange it to true then send the requestSwitch of the proxy if neededNow you can access admin panel and you can delete the user Carlos to solve the lab
Read Entire Article