Multi-step process with no access control on one step
Let's log in as the admin using the following credentials:
| Username | Password |
|---|---|
| administrator | admin |
Let's now promote the carlos user to admin.
Since we are proxying the traffic through Burp Suite, we can view this request in the Proxy > HTTP History tab.
Let's forward this request to the Repeater for further modification.
Next, let's log in using the following credentials:
| Username | Password |
|---|---|
| wiener | peter |
Let's view the session cookie in the Proxy > HTTP History tab.
We now have to replace the session cookie in the Repeater tab with the wiener user's session cookie.
We also have to set the username parameter to the following:
wiener
Let's go check in the browser.
We have solved the lab.
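
The replayed request works because the confirmation step trusts that the earlier step already checked the caller's role. The following is an added example, not the lab's code: a model of a two-step role-change flow with the confirmation step shown without and with its own role check. The function names, status codes and session values are assumptions constructed for illustration.

```python
# Added example: hypothetical two-step role-change flow (all names are assumptions).
SESSIONS = {"sess-admin": "administrator", "sess-wiener": "wiener"}  # constructed
ROLES = {"administrator": "ADMIN", "wiener": "NORMAL", "carlos": "NORMAL"}


def caller_of(session):
    """Resolve a session cookie value to a username, or None if unknown."""
    return SESSIONS.get(session)


def step1_select(session, roles, username):
    """First step: choose the user to promote. Checks the caller's role."""
    if roles.get(caller_of(session)) != "ADMIN":
        return 401
    return 200 if username in roles else 404


def step2_confirm_vulnerable(session, roles, username):
    """Confirmation step with the flaw: any logged-in session is accepted."""
    if caller_of(session) is None:
        return 401
    roles[username] = "ADMIN"
    return 302


def step2_confirm_fixed(session, roles, username):
    """Confirmation step repeating the same role check as step 1."""
    caller = caller_of(session)
    if caller is None or roles.get(caller) != "ADMIN":
        return 401
    if username not in roles:
        return 404
    roles[username] = "ADMIN"
    return 302


def replay(confirm):
    """Send the confirmation step with a non-admin session; return (status, role)."""
    roles = dict(ROLES)  # fresh copy so each run starts from the same state
    status = confirm("sess-wiener", roles, "wiener")
    return status, roles["wiener"]
```

Every state-changing step has to authorize the caller itself; a test that calls each step directly with a low-privilege session catches the gap before release.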