Method-based access control can be circumvented
Let's log in as the admin using the following credentials:
Username | Password |
---|---|
administrator | admin |
We can now upgrade the carlos user to admin.
Since we are proxying the traffic through Burp Suite, we will be able to view this request in the Proxy > HTTP History tab.
Let's forward this request to the Repeater for further modification.
Next, let's log out and log back in using the following credentials:
Username | Password |
---|---|
wiener | peter |
We can go to the Proxy > HTTP History tab to get the session cookie.
Now, let's go back to the Repeater tab and change the request method.
Next, we have to replace the session cookie with the one from the wiener user's request.
We also have to set the username parameter to the following:
wiener
Let's go and check the browser.
We have solved the lab.
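
Why changing the method works, and what a fix looks like, as an added example that is not part of the lab or its application code: a constructed model of a role-upgrade endpoint whose access rule is keyed on the HTTP method, next to a version that authorizes the action itself. The path, session tokens and the use of GET as the alternative verb are assumptions made for illustration.

```python
"""Constructed model of a role-upgrade endpoint (all names are hypothetical)."""

SESSIONS = {"sess-admin": "administrator", "sess-wiener": "wiener"}  # constructed
UPGRADE_PATH = "/roles/upgrade"  # hypothetical path

def handle(method, path, session, params, admins, hardened):
    """Return an HTTP status code; mutate `admins` on a successful upgrade."""
    user = SESSIONS.get(session)
    if user is None:
        return 401
    if hardened:
        # Reject verbs the endpoint never needs, then authorize on the
        # action itself, independent of how the request arrived.
        if path == UPGRADE_PATH and method != "POST":
            return 405
        restricted = path == UPGRADE_PATH
    else:
        # Flaw: the rule is keyed on (method, path), so any other verb
        # reaching the same handler skips the role check.
        restricted = (method, path) == ("POST", UPGRADE_PATH)
    if restricted and user not in admins:
        return 403
    # The handler reads parameters the same way for every verb, which is
    # what makes the unchecked verbs dangerous.
    if path == UPGRADE_PATH and "username" in params:
        admins.add(params["username"])
        return 200
    return 404

def replay(hardened):
    """Replay the walkthrough's requests against one policy."""
    admins = {"administrator"}
    results = {
        "admin_post": handle("POST", UPGRADE_PATH, "sess-admin",
                             {"username": "carlos"}, admins, hardened),
        "wiener_post": handle("POST", UPGRADE_PATH, "sess-wiener",
                              {"username": "wiener"}, admins, hardened),
        "wiener_other_verb": handle("GET", UPGRADE_PATH, "sess-wiener",
                                    {"username": "wiener"}, admins, hardened),
    }
    results["wiener_is_admin"] = "wiener" in admins
    return results

if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "method-keyed", replay(hardened))
```

The hardened branch pairs a method allow-list with a role check that does not depend on the verb, so neither control relies on the other.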