Introduction To User role controlled by request parameter
This article continues our series on access control vulnerabilities; it is the third one in the series. Specifically, we cover the lab “User role controlled by request parameter” from PortSwigger Web Security Academy, with a complete step-by-step practical walkthrough.
Lab Description
In this lab, the application has an admin panel at “/admin”. Our task is to reach that panel and delete the user carlos. We have been given our own credentials, wiener:peter. The flaw we exploit is that the application stores the logged-in user’s role in a cookie, i.e. in a value the client controls and can rewrite at will.
First, access the lab by logging in.
After accessing the lab, append “/admin” at the end of the lab’s URL.
Requesting “/admin” while unauthenticated shows the error message “Admin interface only available if logged in as an administrator”. Now log in with the provided credentials, but turn on interception in Burp Suite before submitting the login form.
With the login POST intercepted, forward it and watch the response: alongside the session cookie, the server sets a cookie named “Admin” with the value “false”. This is the only place the application records whether we are an administrator.
The next request from the browser (the redirect to the account page) carries “Cookie: ... Admin=false”. In the intercepted request, change it to “Admin=true”, leaving the session cookie untouched, and forward it. Because Burp intercepts every request, either edit the cookie on each subsequent request as well or add a Proxy Match and Replace rule for the request header “Admin=false” -> “Admin=true”; alternatively, edit the cookie once in the browser’s developer tools so it is sent automatically.
Then check the result in the browser to see whether we have become an admin.
As you can see, we have reached the admin panel simply by rewriting a cookie: the server never verified the role against its own records. Now let’s delete carlos.
With the “Admin=true” cookie still in place, browse to “/admin/delete?username=carlos” (the same request the delete link on the admin page issues) and check the result in the browser.
So, we have successfully solved the lab “User role controlled by request parameter” from PortSwigger Web Security.
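Why the lab falls over, shown as a miniature of the server side. This is an added example, not the lab’s code: the session store, user list and handler are hypothetical stand-ins. The vulnerable check derives the role from the client-controlled “Admin” cookie, exactly as the lab does; the hardened check takes only the opaque session id from the client and looks the role up server-side, so the tampered cookie is simply ignored.

```python
"""Vulnerable role check beside its hardened form.

Added example; hypothetical server-side stand-in, not code from the lab.
"""

SESSIONS = {  # constructed server-side session store: session id -> user record
    "sess-wiener": {"username": "wiener", "role": "user"},
    "sess-admin": {"username": "administrator", "role": "admin"},
}
USERS = {"wiener", "carlos", "administrator"}  # constructed user table


def vulnerable_is_admin(cookies):
    # Bug: trusts a flag the browser sends back. Anyone can send Admin=true.
    return cookies.get("Admin") == "true"


def hardened_is_admin(cookies, sessions=SESSIONS):
    # Fix: the only client input is the opaque session id; the role lives in
    # server state and never round-trips through the browser.
    user = sessions.get(cookies.get("session"))
    return bool(user) and user["role"] == "admin"


def delete_user(cookies, username, is_admin, users=None):
    """Stand-in for the /admin/delete?username=... handler, parameterised on the check."""
    users = USERS.copy() if users is None else users
    if not is_admin(cookies):
        return 401, users
    if username not in users:
        return 404, users
    users.discard(username)
    return 302, users


def demo():
    """Replay the lab's tampered request against both checks."""
    tampered = {"session": "sess-wiener", "Admin": "true"}  # wiener's session, forged flag
    vuln_status, vuln_users = delete_user(tampered, "carlos", vulnerable_is_admin)
    hard_status, hard_users = delete_user(tampered, "carlos", hardened_is_admin)
    return {
        "vulnerable": (vuln_status, "carlos" in vuln_users),
        "hardened": (hard_status, "carlos" in hard_users),
    }


if __name__ == "__main__":
    for variant, (status, carlos_still_exists) in demo().items():
        print(f"{variant}: HTTP {status}, carlos still exists: {carlos_still_exists}")
```

The practical test when reviewing real code is the same as in the demo: take an ordinary user’s session, add or change the role-bearing parameter, and see whether an admin-only action succeeds. Any role, tier or “isAdmin” value that arrives in a cookie, hidden field, query string or JWT without a server-side signature check is a candidate for this bug.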
You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.
To continue studying, check out the next lab, “User role can be modified in user profile”. Complete the current lab before moving on to it. Good luck!
You can also follow me on Twitter: @masaudsec.
FAQs
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, and other security threats.
Web application security means protecting a web application from attacks that exploit vulnerabilities such as SQL injection, cross-site scripting (XSS), file inclusion, and broken access control like the one in this lab.
It is always good practice to use an up-to-date browser and to apply updates promptly. Keep browser plugins up to date, avoid malicious websites and links, be wary of clickjacking, and enable two-factor authentication wherever it is offered.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. Always avoid such activities and protect yourself and others from cyber threats.