Skip to main content

User ID controlled by request parameter

1

Let's login using the following credentials:

UsernamePassword
wienerpeter

2

Since we are proxying the traffic through Burp Suite, we can view this request by going to Porxy > HTTP History.

3

We can see that the request contains a parameter called ìd which is set to wiener.

Let's forward the request to the Repeater and set the id parameter to the following:

carlos

4

We can now submit this API key through the browser.

6

We have solved the lab.

7