Skip to main content

User ID controlled by request parameter, with unpredictable user IDs

1

We can login using the following credentials:

UsernamePassword
wienerpeter

2

Since we are proxying the traffic through Burp Suite, we can go to Proxy > HTTP History in order to view the request.

3

As we can see, the request contains an id parameter. In order to access the carlos user's API key we will first need to find his GUID.

First let's forward this request to the Repeater for later modification.

Let's now look for some post written by the carlos user.

4

We can now view the user's profile.

5

Let's read this request in the Proxy > HTTP History tab.

6

Now that we have the GUID, we can go to the Repeater and set the id parameter to the carlos user's GUID and send the request.

7

Let's submit the API key.

8

We have solved the lab.

9