Introduction
Hello, today we are continuing our series on Access Control Vulnerabilities; this is our 13th article on the topic. In this article, we cover the PortSwigger Web Security Academy lab “Referer-based access control,” with a complete step-by-step practical guide so that you understand it well.
Lab Description For Referer-based access control
This lab is vulnerable to a broken access control vulnerability: it controls access to certain admin functionality based on the Referer header alone. An admin panel is provided so that we can become familiar with that functionality; the admin credentials are administrator:admin.
To solve this lab, we first log in with the admin credentials and upgrade Carlos’ account so that we can capture the upgrade request. We then log in as Wiener (the lab’s low-privileged user, wiener:peter) and replay that same request with Wiener’s session cookie and username, relying on the Referer header it still carries to get past the access check.
Lab Solution For Referer-based access control
First, access your lab. After accessing it, click on “My Account.”
After clicking on “My Account,” log in with the provided admin credentials.
Now, with Burp Suite connected so that you capture the traffic at the same time, click on the admin panel and upgrade Carlos’ account.
In the proxy history you will see a GET /admin-roles?username=carlos&action=upgrade request. Note that it carries a Referer header pointing at the /admin page; that header is what the server checks. Send the request to Repeater.
Now log out and log in with Wiener’s account (wiener:peter). After logging in, click on “My Account.”
You will notice a GET request like this:
GET /my-account?id=wiener HTTP/2
Host: 0a1c000704d29a278213ac0500a100dd.web-security-academy.net
Cookie: session=7aQ5IQY5tLzovFSlj8CeMWWx9tfsqZBP
Copy the value of the session cookie, which is 7aQ5IQY5tLzovFSlj8CeMWWx9tfsqZBP in my case; yours will differ.
Now, go to the Repeater tab and, in Carlos’ upgrade request, replace the session cookie with the one you copied and change the username parameter from carlos to wiener. Leave the Referer header as it is: the server only checks that it points to the admin page, so the request is still accepted even though Wiener’s session has no admin rights. Send the request.
By doing this, you will solve the PortSwigger Web Security lab “Referer-based access control.” As a quick check, remove the Referer header and resend the same request: it is now rejected, which confirms that the access decision rests on that header alone.
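The following is an added example, not code from the lab or from the original article. It models the server-side check the lab is built around, a Referer-based check beside a session-role check, and runs the forged Repeater request from the steps above through both. The host and the wiener session cookie value are the ones shown in this article; the admin session token, the role table and the server logic are constructed for illustration and are not PortSwigger’s code.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

LAB_HOST = "0a1c000704d29a278213ac0500a100dd.web-security-academy.net"  # host from the article
ADMIN_REFERER = f"https://{LAB_HOST}/admin"

# Constructed session store (cookie value -> owner). Only the wiener cookie value
# comes from the article; the admin token is made up for this example.
SESSIONS = {
    "7aQ5IQY5tLzovFSlj8CeMWWx9tfsqZBP": {"user": "wiener", "role": "user"},
    "0000000000000000000000000000admin": {"user": "administrator", "role": "admin"},
}


def initial_users():
    """Fresh copy of the constructed role table for each run."""
    return {"administrator": "admin", "carlos": "user", "wiener": "user"}


@dataclass
class Request:
    method: str
    target: str                      # path plus query string, e.g. /admin-roles?username=carlos&action=upgrade
    headers: dict = field(default_factory=dict)

    def query(self):
        return {k: v[0] for k, v in parse_qs(urlsplit(self.target).query).items()}

    def cookie(self, name):
        for part in self.headers.get("Cookie", "").split(";"):
            k, _, v = part.strip().partition("=")
            if k == name:
                return v
        return None


def _apply_upgrade(req, users):
    """Shared business logic: promote the named user to admin."""
    q = req.query()
    if req.method != "GET" or urlsplit(req.target).path != "/admin-roles":
        return 404, "Not Found"
    if q.get("action") != "upgrade" or q.get("username") not in users:
        return 400, "Bad Request"
    users[q["username"]] = "admin"
    return 200, "OK"


def vulnerable_admin_roles(req, users):
    """The lab's flaw: a Referer pointing at /admin is taken as proof of admin access."""
    ref = urlsplit(req.headers.get("Referer", ""))
    if ref.netloc != LAB_HOST or not ref.path.startswith("/admin"):
        return 401, "Unauthorized"
    return _apply_upgrade(req, users)


def fixed_admin_roles(req, users):
    """Hardened: authorize on the role bound server-side to the session; Referer is ignored."""
    sess = SESSIONS.get(req.cookie("session"))
    if sess is None or sess["role"] != "admin":
        return 401, "Unauthorized"
    return _apply_upgrade(req, users)


def forged_upgrade_request(session_cookie, username, keep_referer=True):
    """Carlos's upgrade request as replayed from Repeater with the cookie and username swapped."""
    headers = {"Host": LAB_HOST, "Cookie": f"session={session_cookie}"}
    if keep_referer:
        headers["Referer"] = ADMIN_REFERER   # copied along with the rest of the admin's request
    return Request("GET", f"/admin-roles?username={username}&action=upgrade", headers)


def run(handler, req):
    """Run one request against a fresh role table; return (status, wiener's role afterwards)."""
    users = initial_users()
    status, _ = handler(req, users)
    return status, users["wiener"]


if __name__ == "__main__":
    wiener = "7aQ5IQY5tLzovFSlj8CeMWWx9tfsqZBP"
    print("vulnerable, Referer kept:   ", run(vulnerable_admin_roles, forged_upgrade_request(wiener, "wiener")))
    print("vulnerable, Referer removed:", run(vulnerable_admin_roles, forged_upgrade_request(wiener, "wiener", keep_referer=False)))
    print("fixed, Referer kept:        ", run(fixed_admin_roles, forged_upgrade_request(wiener, "wiener")))
```

Run it as a script: the forged request succeeds against the Referer-based check and fails once the header is dropped, exactly the behaviour you see in Repeater, while the session-based check rejects it regardless of Referer because Wiener’s session is not bound to an admin role. The fix is that the authorization decision is derived from server-side session state, never from a header the client controls.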
You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.
You have now officially completed all the Access Control labs. Next, move on to XXE Injection; those labs start here: Exploiting XXE Using External Entities To Retrieve Files. Good luck!
FAQS
What is website security? Website security refers to protecting a website or web application from cyberattacks, unauthorized access, and other security threats.
What is web application security? Web application security means protecting a web application from attacks that exploit vulnerabilities such as SQL injection, XSS, file inclusion, and others.
How can I browse more safely? Always use an up-to-date browser and keep its plugins updated, avoid suspicious websites and links, enable two-factor authentication wherever it is offered, and be cautious of clickjacking attempts.
Is it legal to look up someone’s personal data on the dark web? Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. Always avoid such activities and protect yourself and others from cyber threats.