User role controlled by request parameter

This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete Carlos. You can log in to your own account using the following credentials:

On the lab's login page, enter the credentials that were provided to you.

Observe that the login response sets the cookie Admin=false. Change its value to Admin=true.

Admin panel shows up in Burp repeater

Under the "Application" tab of the Chromium developer tools, you will find the site's cookies.

Change the Admin cookie to true to enable the admin panel.
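To show why the lab is exploitable and what the fix looks like, here is an added example (not the lab's or PortSwigger's own code): a vulnerable check that trusts the client-supplied Admin cookie beside a hardened check that derives the role from a server-side session. The session ids, usernames and the `/admin` stand-in handler are constructed for illustration.

```python
# Added example, not code from the lab. Session ids and users are constructed.
from typing import Callable, Dict, Tuple

# Constructed server-side session store: session id -> username.
SESSIONS: Dict[str, str] = {"s3ss10n-carlos": "carlos", "s3ss10n-admin": "administrator"}
# Constructed user database; the role lives only on the server.
USERS: Dict[str, Dict[str, bool]] = {
    "carlos": {"is_admin": False},
    "administrator": {"is_admin": True},
}


def is_admin_vulnerable(cookies: Dict[str, str]) -> bool:
    """The lab's flaw: the role is read straight from a client-controlled cookie,
    so anyone can set Admin=true and reach /admin."""
    return cookies.get("Admin", "false").lower() == "true"


def is_admin_fixed(cookies: Dict[str, str]) -> bool:
    """Hardened check: resolve the user from the server-side session and look the
    role up there. The Admin cookie, present or not, never influences the result."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return False
    return USERS[user]["is_admin"]


def handle_admin(cookies: Dict[str, str],
                 check: Callable[[Dict[str, str]], bool]) -> Tuple[int, str]:
    """Stand-in for the /admin handler: returns (status, body) given a role check."""
    if check(cookies):
        return 200, "admin panel"
    return 401, "Unauthorized"


if __name__ == "__main__":
    forged = {"session": "s3ss10n-carlos", "Admin": "true"}
    print("vulnerable:", handle_admin(forged, is_admin_vulnerable))  # (200, 'admin panel')
    print("fixed:", handle_admin(forged, is_admin_fixed))            # (401, 'Unauthorized')
```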

The flag
