Hackzzz - The Notebook

User ID controlled by request parameter, with unpredictable user IDs

https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-unpredictable-user-ids

Level: Apprentice

In this lab we need to get access to the API Key of Carlos again.
If you try to get access to another user account by changing the id parameter to Carlos, we will not see anything interesting
Now the users have an identifier random number.

Making some recon on the posts in the page, you will see that you can see another user id random number by clicking on a posts of the respective user

Try to copy the userid from one of the posts from user Carlos.
Paste the user id from the post into your my-account userid and you will that we're log into the account of carlos to complete the lab.

PreviousUser ID controlled by request parameter NextUser ID controlled by request parameter with data leakage in redirect

Last updated 1 year ago