Hello everyone, I'm Ahmed, a new learner of bug bounty, known as THE ATC (TH3_4TC). I'm so happy to share with you my first write-up, of a PortSwigger lab on an access control vulnerability. I hope it helps someone. I hope you enjoy it; wish me the best, and read my next write-up for my first valid bounty (or dup bug, hhh).
PS: sorry for my bad English
Link to lab: https://portswigger.net/web-security/access-control/lab-method-based-access-control-can-be-circumvented
Level: PRACTITIONER
STEPS TAKEN:
1. I logged in to the admin account with the credentials administrator:admin
2. I browsed the account to see its functionality in the admin panel, and options like downgrade and upgrade
In the browser:
3. I noticed the link of the user requests, ../admin-roles, and the parameters username & action
4. I logged out of the admin account
5. I logged in with the normal user credentials wiener:peter
6. I requested the link ../admin-roles
7. I looked in Burp and saw that the response marked a missing 'username' parameter
8. I added the username parameter and got the same error
9. I added the username and action parameters and got the same error
10. I changed the request from GET to POST and got the error 'unauthorized'; it makes sense from previous labs I solved
11. I added the parameters username and action and got the error unauthorized
12. I changed the request from POST to PUT and BOOOM, I got a 302 redirect, then the best value: 200 OK, honey
LAB SOLVED
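To show why switching the HTTP method worked, here is an added example (not the lab's code and not part of the original write-up) of a small in-process request router. The vulnerable handler attaches its "admin only" check to the POST route alone, so the same state-changing code is reachable through GET or PUT without any check, while the fixed handler authorizes first and then allows only POST. The User, Request, users table and handler names are all hypothetical; the error strings mirror the ones the write-up saw but are constructed here.

```python
from dataclasses import dataclass


@dataclass
class User:
    name: str
    role: str = "user"


@dataclass
class Request:
    method: str
    path: str
    params: dict
    user: User  # the authenticated caller (session already resolved)


def make_users():
    # Constructed sample user table, fresh for every probe run.
    return {"administrator": User("administrator", "admin"), "wiener": User("wiener")}


def _change_role(req, users):
    """Shared state-changing logic behind /admin-roles (no auth check of its own)."""
    username = req.params.get("username")
    if username is None:
        return 400, "Missing parameter 'username'"
    action = req.params.get("action")
    if action not in ("upgrade", "downgrade"):
        return 400, "Missing parameter 'action'"
    target = users.get(username)
    if target is None:
        return 404, "Not Found"
    target.role = "admin" if action == "upgrade" else "user"
    return 302, "/admin"


def vulnerable_admin_roles(req, users):
    # Flaw: the authorization check is bound to the POST method only.
    # Any other method (GET, PUT, ...) falls straight through to _change_role.
    if req.method == "POST" and req.user.role != "admin":
        return 401, "Unauthorized"
    return _change_role(req, users)


def fixed_admin_roles(req, users):
    # Fix: authorize before looking at the method, then accept only POST.
    if req.user.role != "admin":
        return 401, "Unauthorized"
    if req.method != "POST":
        return 405, "Method Not Allowed"
    return _change_role(req, users)


def probe(handler, actor_name):
    """Replay the write-up's method switching: try GET, POST and PUT as `actor_name`
    with username=wiener&action=upgrade, returning {method: (status, wiener's role)}."""
    results = {}
    for method in ("GET", "POST", "PUT"):
        users = make_users()  # reset state so each method is judged on its own
        req = Request(method, "/admin-roles",
                      {"username": "wiener", "action": "upgrade"}, users[actor_name])
        status, _ = handler(req, users)
        results[method] = (status, users["wiener"].role)
    return results


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_admin_roles), ("fixed", fixed_admin_roles)):
        print(name, "as wiener:", probe(handler, "wiener"))
        print(name, "as administrator:", probe(handler, "administrator"))
```

Against the vulnerable handler a low-privilege user is refused only on POST; GET and PUT both promote wiener to admin. The practical lesson is the one the write-up demonstrates: when one method is rejected, try the others (and an unknown method) before concluding the endpoint is protected, and on the defending side enforce authorization per resource, not per route method.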
My Twitter is: https://twitter.com/TH3_4TC