PS Access control lab - User role can be modified in user profile
Objective: This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter.
When trying to access /admin with the user wiener:

If we try to update wiener's email, intercept the request, and send it to the Repeater, it looks like this:

We can see the POST request includes the email parameter, but the response includes the roleid parameter, among others. Thus, we can intercept the request with Proxy, add the roleid parameter and set its value to 2:

Now that we have access to the admin panel, we can delete carlos and solve the lab:
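The flaw behind this lab is mass assignment: the profile-update handler copies whatever fields the client submits onto the stored account, so a client-supplied roleid is honoured. The following is an added example, not code from the lab or the original post, modelling that handler in plain Python next to an allowlisted version; function names, field names and the sample account are assumptions.

```python
from typing import Any, Dict, Set

ADMIN_ROLEID = 2  # the lab's privileged role value

# Constructed sample account (not real lab data): an ordinary user.
def make_wiener() -> Dict[str, Any]:
    return {"username": "wiener", "email": "wiener@example.com", "roleid": 1}

def update_profile_vulnerable(user: Dict[str, Any], form: Dict[str, Any]) -> Dict[str, Any]:
    """Mass assignment: every submitted key that matches a stored column is
    written back. Adding roleid=2 to the email-change request therefore
    promotes the caller to admin, which is exactly what the lab exploits."""
    for key, value in form.items():
        if key in user:
            user[key] = value
    return user

# Fields a user is actually allowed to change about themselves.
UPDATABLE_FIELDS: Set[str] = {"email"}

def update_profile_hardened(user: Dict[str, Any], form: Dict[str, Any]) -> Dict[str, Any]:
    """Allowlist: only named, user-editable fields are copied. roleid is
    server-controlled and never taken from the request body."""
    for key in UPDATABLE_FIELDS:
        if key in form:
            user[key] = form[key]
    return user

def unexpected_fields(form: Dict[str, Any]) -> Set[str]:
    """Keys outside the allowlist; logging these gives a detection signal
    for clients tampering with the profile request."""
    return set(form) - UPDATABLE_FIELDS

def public_view(user: Dict[str, Any]) -> Dict[str, Any]:
    """Response body without roleid, so the API stops advertising the
    authorisation field that hinted at the attack in the lab."""
    return {k: v for k, v in user.items() if k != "roleid"}

def is_admin(user: Dict[str, Any]) -> bool:
    return user.get("roleid") == ADMIN_ROLEID
```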
This post is licensed under CC BY 4.0 by the author.