Hey guys, how are you all? Today we are starting to write articles on access control vulnerabilities. This is our 7th article on access control vulnerabilities. In this article, we will cover the PortSwigger Web Security lab ‘User ID controlled by request parameter with password disclosure.’ We will provide a complete step-by-step practical guide in this article to help you understand it well.
Lab Description For User ID controlled by request parameter with password disclosure
In this lab, we have a password field that contains a pre-filled password stored as a masked input. To solve this lab, we need to find the administrator’s password and delete Carlos’ account. To solve the problem, we are given an account to log in with the username ‘wiener’ and password ‘peter.’
First, we need to access the lab. Once we have access, we can log in. After logging in, you will find an option to change the email and password.
When I right-clicked on the ‘update password’ page and viewed the source code, I found that the password value was exposed, which was: <input required type=password name=password value=’peter’/>
Now, click on ‘My Account,’ which will generate a GET request ‘/my-account?id=wiener’ in Burp Proxy.
Send this request to the Repeater.
After sending the request to the Repeater, I replaced the parameter ‘wiener’ with ‘administrator’ and forwarded the request. After reading the response, I discovered that the admin’s password was exposed, which you can see in the screenshot above. Now, we will log in using this password.
So, I have successfully logged in to the admin panel.
I deleted Carlos’ account and successfully solved the PortSwigger Web Security lab ‘User ID controlled by request parameter with password disclosure.’
To continue studying check out the next lab i.e. Insecure Direct Object References, cover the current lab before visiting the next lab. Good Luck!
Don’t forget to follow me on Twitter @masaudsec.
You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.”
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.