User role can be modified in user profile
Let's log in using the following credentials:

| Username | Password |
|---|---|
| wiener | peter |

Once logged in, we can change our email address.
Since we are proxying the traffic through Burp Suite, we can view the request by going to Proxy > HTTP History.
We can see that the response contains the following key:value pair:
"roleid":1
Let's forward this request to the Repeater and include the key:value pair in the body of the request.
Now we can access the admin panel using our browser.
Let's delete the carlos user.
We have solved the lab.
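
The root cause is mass assignment: the profile update binds every key in the request body, `roleid` included, to the user record. The following is an added example, not code from the lab or its backend, that puts such a handler beside an allowlisted one which also reports the rejected keys for logging. The function names, the sample record, the email addresses and the `roleid` value 99 are constructed assumptions.

```python
# Added illustration: every name except "email" and "roleid" is hypothetical.
import copy

# Constructed sample record, shaped like the profile data seen in the response.
STORED_USER = {"username": "wiener", "email": "wiener@example.test", "roleid": 1}

# Fields a user may change about themselves; roleid is deliberately absent.
SELF_EDITABLE = ("email",)


def update_profile_vulnerable(user, body):
    """Mass assignment: every key in the request body is merged into the record."""
    updated = copy.deepcopy(user)
    updated.update(body)
    return updated


def update_profile_hardened(user, body):
    """Bind only allowlisted keys; return the new record and the rejected keys."""
    if not isinstance(body, dict):
        raise ValueError("request body must be a JSON object")
    rejected = sorted(k for k in body if k not in SELF_EDITABLE)
    updated = copy.deepcopy(user)
    for key in SELF_EDITABLE:
        if key in body:
            value = body[key]
            if not isinstance(value, str) or "@" not in value:
                raise ValueError("invalid value for " + key)
            updated[key] = value
    return updated, rejected


def flags_role_tampering(rejected):
    """Detection hook: roleid sent to a self-service endpoint deserves an alert."""
    return "roleid" in rejected


if __name__ == "__main__":
    # Constructed request body: the email change plus an extra roleid.
    body = {"email": "new@example.test", "roleid": 99}
    print(update_profile_vulnerable(STORED_USER, body))
    record, rejected = update_profile_hardened(STORED_USER, body)
    print(record, rejected, flags_role_tampering(rejected))
```

The role should only ever be set by a separate, admin-only code path, and the admin panel should check the role stored server-side on every request.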