User role can be modified in user profile

Let's log in using the following credentials:

| Username | Password |
|----------|----------|
| wiener   | peter    |

Once logged in, we can change our email address.

Since we are proxying the traffic through Burp Suite, we can view the request by going to Proxy > HTTP History.

We can see that the response contains the following key:value pair:

"roleid":1

Let's forward this request to the Repeater and include the key:value pair in the body of the request.

Now we can access the admin panel using our browser.

Let's delete the carlos user.

We have solved the lab.
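
The flaw this walkthrough exercises is a profile-update handler that writes whatever keys the client sends into the account record. As an added example (not the lab's code; the handler names, the account store, the email value and the allow-list are assumptions), here is that pattern beside a version that accepts only allow-listed fields:

```python
# Added example: hypothetical profile-update handlers, not the lab's own code.
import json

# Fields the account owner may change about themselves (assumed policy).
SELF_EDITABLE = {"email"}


def new_store():
    # Constructed sample account; only "roleid" is a key taken from the page.
    return {"wiener": {"username": "wiener", "email": "old@example.test", "roleid": 1}}


def update_profile_vulnerable(store, session_user, body):
    """Merges every key of the JSON body into the stored account."""
    account = store[session_user]
    account.update(json.loads(body))  # a client-supplied "roleid" is written too
    return account


def update_profile_hardened(store, session_user, body):
    """Applies only allow-listed fields and rejects anything else."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("JSON object expected")
    unexpected = set(data) - SELF_EDITABLE
    if unexpected:
        # Reject instead of silently dropping, so the attempt can be logged.
        raise PermissionError("fields not editable by user: %s" % sorted(unexpected))
    email = data.get("email")
    if not isinstance(email, str) or "@" not in email:
        raise ValueError("invalid email")
    store[session_user]["email"] = email
    return store[session_user]


def demo():
    # Constructed request body: an email change carrying an extra "roleid" key.
    body = json.dumps({"email": "new@example.test", "roleid": 99})
    vulnerable = update_profile_vulnerable(new_store(), "wiener", body)
    hardened_store = new_store()
    try:
        update_profile_hardened(hardened_store, "wiener", body)
        rejected = False
    except PermissionError:
        rejected = True
    return vulnerable["roleid"], hardened_store["wiener"]["roleid"], rejected


if __name__ == "__main__":
    print(demo())
```

Role changes belong in a separate, authorization-checked administrative path; the self-service handler should never read the role from the request body.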
