User role controlled by request parameter
https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
Level: Apprentice
Once again we need to reach the administrative panel, but this time the access control relies on a cookie that the client can forge.
Requesting /admin and inspecting the cookies the application sets, we see a cookie called Admin with the value false, which suggests the server reads our role straight from it.
What happens if we change the Admin cookie to true (for example by editing the request in Burp Repeater) and request /admin again?
Voila! With nothing more than a modified cookie we reach the /admin directory and delete the user carlos.
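To make the flaw concrete, here is an added example (my own code, not the lab's implementation or the write-up author's) that models the server side of this lab: a check that trusts the client-supplied Admin cookie, next to a hardened check that looks the role up in a server-side session store, plus the forged request the attacker sends. The session ids, the /admin/delete?username= endpoint and the exact cookie values are assumptions modelled on the write-up, not verified details of the lab.

```python
"""
Added example, not code from the lab or the write-up.

Shows why an "Admin" cookie is forgeable: the role is read from data the
client controls. The hardened variant ignores that cookie and derives the
role from a server-side session record keyed by the session id.
The session ids and the delete endpoint are assumptions for illustration.
"""
from http.cookies import SimpleCookie

# Constructed server-side session store: session id -> user record.
# In the hardened design the role lives here, never in a client-writable cookie.
SESSIONS = {
    "sid-wiener": {"user": "wiener", "role": "user"},
    "sid-admin": {"user": "administrator", "role": "administrator"},
}


def parse_cookies(cookie_header: str) -> dict:
    """Parse a raw Cookie: header value into a dict (empty if the header is absent)."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def vulnerable_is_admin(cookie_header: str) -> bool:
    """The lab's flaw: the role is taken from a cookie the client can rewrite."""
    return parse_cookies(cookie_header).get("Admin", "false").lower() == "true"


def hardened_is_admin(cookie_header: str) -> bool:
    """Fixed check: the role is looked up server-side from the session id.

    Whatever the client puts in an Admin cookie is simply never consulted.
    """
    sid = parse_cookies(cookie_header).get("session")
    return SESSIONS.get(sid, {}).get("role") == "administrator"


def handle_admin_delete(cookie_header: str, username: str, is_admin) -> tuple:
    """Simulated /admin/delete?username=... handler (assumed endpoint).

    Returns (status_code, body) so the two authorisation checks can be compared.
    """
    if not is_admin(cookie_header):
        return 401, "Unauthorized"
    return 200, f"User {username} deleted"


def forged_request(host: str, path: str, cookies: dict) -> bytes:
    """Build the raw HTTP request the write-up sends: the original cookies with Admin flipped to true."""
    forged = {**cookies, "Admin": "true"}
    cookie_line = "; ".join(f"{name}={value}" for name, value in forged.items())
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {cookie_line}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()


if __name__ == "__main__":
    # Constructed cookies as issued to the low-privilege user wiener (assumed values).
    original = {"session": "sid-wiener", "Admin": "false"}
    header = "; ".join(f"{k}={v}" for k, v in original.items())
    print(forged_request("LAB-HOST", "/admin/delete?username=carlos", original).decode())
    forged_header = header.replace("Admin=false", "Admin=true")
    print("vulnerable server:", handle_admin_delete(forged_header, "carlos", vulnerable_is_admin))
    print("hardened server:  ", handle_admin_delete(forged_header, "carlos", hardened_is_admin))
```

The point of the hardened variant is not to "validate" the Admin cookie better but to stop using it: any privilege flag stored client-side without a server-side secret (an HMAC-signed session or, simpler, a server-side session record) can be rewritten by the user, exactly as this lab demonstrates.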