Introduction To User ID controlled by request parameter
So, how are you all doing? Today we’re starting to write articles on access control vulnerabilities. This is our 5th article on access control vulnerabilities. In this article, we will cover the PortSwigger Web Security Lab ‘User ID Controlled by Request Parameter.’ We will provide a complete step-by-step practical guide to help you understand it well.
In this lab, we will essentially access Carlos’ account’s API key through Wiener’s account. This process is called privilege escalation. Privilege escalation has two types: vertical privilege escalation and horizontal privilege escalation. In horizontal privilege escalation, a user can access another simple user’s account or their data. This is also known as low privilege escalation. On the other hand, in vertical privilege escalation, a simple user gains administrative privileges. This is also called high privilege escalation.
So, in this lab, we have been provided with the credentials ‘wiener:peter.’ First, access the lab and log in with these credentials.
After logging in, click on ‘My Account’ and log in again.
Once you are logged in, you will see an interface similar to this. Now, turn on your Burp Suite and enable the proxy.
Next, click on ‘My Account’ again and capture the request.
After capturing the request, forward it once. After forwarding, you will see a parameter named ‘id’ that you can modify to ‘carlos.’
As you can see, our username and API key have changed. Now, let’s submit this API key in the lab.
After submitting, you will see that we have successfully solved the PortSwigger Web Security Lab ‘User ID Controlled by Request Parameter.’
Don’t forget to follow me on Twitter @masaudsec.
You can learn everything related to web security on our website. We upload the latest articles on web security topics daily, so stay with us.”
To continue studying check out the next lab i.e. User ID Controlled By Request Parameter With Unpredictable User IDs, cover the current lab before visiting the next lab. Good Luck!