Hackzzz - The Notebook

⌘Ctrlk

User role can be modified in user profile

https://portswigger.net/web-security/access-control/lab-user-role-can-be-modified-in-user-profile

Level: Apprentice

The following challenge tells us to log in and delete user Carlos.
We will do that using the roleid parameter in the modified requests.

Making some recon, you will notice that the requests we are making to change the user email is in JSON format
We can try to add the roleid parameter with the value of 2 as said in the beginning.

add the roleid this way

Once you make the modified requests you will see that we can access an "admin feature".
Click on it to delete user Carlos and Complete the challenge.

PreviousUser role controlled by request parameter NextUser ID controlled by request parameter

Last updated 3 years ago