Introduction
So guys, this is our 7th article on access control vulnerabilities. In this article, we will cover the PortSwigger Web Security lab “User ID controlled by request parameter with data leakage in redirect.” We will provide a complete step-by-step practical guide so that you can understand it well.
Lab Description Of User ID controlled by request parameter with data leakage in redirect
Friends, in this lab, there is an access control vulnerability that is leaking sensitive data in the response. To solve this lab, we have been provided with the credentials: username=wiener and password=peter. We need to retrieve Carlos’ account API key and submit it in the lab to solve it.
To solve the lab, the first thing we need to do is access it. After accessing the lab, we need to log in. Before logging in, make sure to configure your Burp Suite and enable the proxy so that you can analyze the application.
In the screenshot above, you can see that I am logged into the browser on one side and analyzing the traffic on the other side.
After logging in, you can click on “My Account” and view the 303 request.
Modifying UserID
One thing to note is that when you are in the “My Account” section, it is a GET-based request, and your data goes in the URL. We have the “id=wiener” here, so we can change it to “id=carlos” and check if we can access Carlos’ account or not.
But when I changed it to “id=carlos,” the application logged me out.
You can check the HTTP history to see the GET request where we changed the value to Carlos and got logged out. The response to that request contains the leaked data, including Carlos’ API key. Now, we can use this key to solve the lab.
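The server-side mistake behind this behaviour, as an added example that is not code from the lab or from PortSwigger: a handler that renders the requested account before deciding to redirect, next to a hardened version and a regression check for redirects that carry sensitive bodies. The function names, the 302 status, the "API Key" marker and the placeholder keys are assumptions made for illustration.

```python
# Constructed sample data: usernames are the lab's, the API keys are placeholders.
ACCOUNTS = {"wiener": "PLACEHOLDER-KEY-WIENER", "carlos": "PLACEHOLDER-KEY-CARLOS"}


def render_account(user):
    """Render the account page for `user` (hypothetical template)."""
    key = ACCOUNTS.get(user, "")
    return f"<p>Your username is: {user}</p><p>Your API Key is: {key}</p>"


def my_account_vulnerable(session_user, requested_id):
    """Builds the page for requested_id first, then decides to redirect.

    The status and Location header say "go to /login", but the body that was
    already rendered for the other user is still sent with the redirect.
    """
    body = render_account(requested_id)
    if requested_id != session_user:
        return 302, {"Location": "/login"}, body  # leak: body rides along
    return 200, {}, body


def my_account_fixed(session_user, requested_id):
    """Authorize before touching the record; a redirect carries no body."""
    authorized = (
        session_user is not None
        and requested_id == session_user
        and requested_id in ACCOUNTS
    )
    if not authorized:
        return 302, {"Location": "/login"}, ""
    return 200, {}, render_account(requested_id)


def redirect_leaks_body(response, markers=("API Key",)):
    """Regression check: flag any 3xx response whose body contains a marker."""
    status, _headers, body = response
    return 300 <= status < 400 and any(m in body for m in markers)


if __name__ == "__main__":
    for handler in (my_account_vulnerable, my_account_fixed):
        resp = handler("wiener", "carlos")
        print(handler.__name__, resp[0], "leaks:", redirect_leaks_body(resp))
```

Browsers follow the redirect and never display the body, which is why this kind of leak is only visible in a proxy or in a test that inspects the raw response.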
After submitting the key, we successfully solved the PortSwigger Web Security lab “User ID controlled by request parameter with data leakage in the redirect.” Congratulations!
You can also follow me on Twitter @masaudsec.
To continue studying, check out the next lab, i.e. User ID Controlled By Request Parameter With Password Disclosure. Cover the current lab before visiting the next lab. Good luck!