User role can be modified in user profile
Let's login using the following credentials:
| Username | Password |
|---|---|
| wiener | peter |
Once logged in, we can change our email address.
Since we are proxying the traffic through Burp Suite, we can view the request by going to Proxy > HTTP History.
We can see that the response contains the following key:value pair:
"roleid":1
Let's forward this request to the Repeater and include the key:value pair in the body of the request.
Now we can access tot admin panel using our browser.
Let's delete the carlos user.
We have solved the lab.