Method-based access control can be circumvented

Let's login as the admin using the following credentials:

Username: administrator
Password: admin

We can now upgrade the carlos user to admin.

Since we are proxying the traffic through Burp Suite, we will be able to view this request in the Proxy > HTTP History tab.

Let's forward this request to the Repeater for further modification.

Next, let's log out and log back in using the following credentials:

Username: wiener
Password: peter

We can go to the Proxy > HTTP History tab to get the session cookie.

Now, let's go back to the Repeater tab and change the request method.

Next, we have to replace the session cookie with the one from the wiener user's request.

We also have to set the username parameter to the following:

wiener

Let's go and check the browser.

We have solved the lab.
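The root cause behind the lab, and the fix, as an added example that is not part of the original write-up or of the lab's own application code: a minimal model of a role-promotion endpoint whose authorization check is wired to a single HTTP method, beside a hardened version that authorizes before branching on the method and rejects methods the endpoint does not support. The endpoint path `/admin-roles`, the session cookie values and the role names are assumptions chosen for illustration.

```python
# Added example, not the lab's code. Models the flaw this lab exercises:
# a role check that only runs for one HTTP method, so the same action
# reached through another method skips it. Names below are assumptions.

# Constructed session store: cookie value -> session data.
SESSIONS = {
    "admin-session": {"user": "administrator", "role": "admin"},
    "wiener-session": {"user": "wiener", "role": "user"},
}

ADMIN_ROLES_PATH = "/admin-roles"  # assumed endpoint name


def vulnerable_handler(method, path, cookie, params):
    """Deliberately flawed handler.

    The role check is tied to the POST branch only, but the promotion
    itself runs for every method, so a non-POST request with a low
    privilege session is never authorized and still succeeds.
    """
    session = SESSIONS.get(cookie)
    if session is None:
        return 401, "unauthorized"
    if path != ADMIN_ROLES_PATH:
        return 404, "not found"
    if method == "POST" and session["role"] != "admin":
        return 401, "unauthorized"
    # Reached for any method other than POST without an admin check.
    return 200, f"{params.get('username')} is now admin"


def hardened_handler(method, path, cookie, params):
    """Corrected handler.

    Authorization is evaluated first and independently of the method;
    the method is then validated against the set the endpoint supports.
    """
    session = SESSIONS.get(cookie)
    if session is None:
        return 401, "unauthorized"
    if path != ADMIN_ROLES_PATH:
        return 404, "not found"
    # Role check happens before any method-specific branching.
    if session["role"] != "admin":
        return 401, "unauthorized"
    # Only the intended method reaches the state-changing action.
    if method != "POST":
        return 405, "method not allowed"
    return 200, f"{params.get('username')} is now admin"


if __name__ == "__main__":
    low_priv = ("wiener-session", {"username": "wiener"})
    print("vulnerable, POST :", vulnerable_handler("POST", ADMIN_ROLES_PATH, *low_priv))
    print("vulnerable, GET  :", vulnerable_handler("GET", ADMIN_ROLES_PATH, *low_priv))
    print("hardened,   GET  :", hardened_handler("GET", ADMIN_ROLES_PATH, *low_priv))
```

The important design point is the ordering: the hardened handler decides who may perform the action before it decides which methods the action accepts, so a surprising or malformed method can only ever produce a 405 for an already-authorized caller, never an unauthorized promotion. Logging the method and the session user on every hit to such an endpoint is also a cheap way to spot this class of probing in review.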
