🕵‍♂️ Info:

This lab implements access controls based partly on the HTTP method of requests. You can familiarize yourself with the admin panel by logging in using the credentials administrator:admin.

🎯Goal:

To solve the lab, log in using the credentials wiener:peter and exploit the flawed access controls to promote yourself to become an administrator.


First, from the description of the lab I noticed that we need to log in with the administrator credentials first.

I will log in as administrator and show the requests.

image.png

I noticed from the history that when I upgraded any user it sent a request using the POST method,

followed by a GET request to complete the upgrade.

  1. So the lab checks on the request method, not on whether the user sending the request is an administrator.
  2. I will log in as wiener:peter.
  3. My target is to upgrade my role. I will intercept the POST request sent when upgrading a user as administrator, copy wiener's session cookie and paste it in place of the administrator session in that request (POST admin-role), and change username=wiener and action=upgrade.

Like this:

image.png

So now I just change the request method to GET and send the request.

image.png

Click on "Follow redirection".
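As an added example (not the lab's code or part of the original write-up), here is a minimal Python model of the flaw described above beside a hardened version: the flawed handler only runs the admin check for POST, so a GET carrying the same parameters reaches the privileged action, while the hardened handler authorizes the resource before it looks at the method. The session store, route name and parameter names are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed session store for the example: session token -> (username, role)
SESSIONS = {
    "sess-admin": ("administrator", "admin"),
    "sess-wiener": ("wiener", "user"),
}


@dataclass
class Request:
    method: str
    path: str
    session: str
    params: dict = field(default_factory=dict)


def _apply_role_change(req, users):
    """Privileged action: change a user's role. Returns (status, body)."""
    user = req.params.get("username")
    action = req.params.get("action")
    if user not in users or action not in ("upgrade", "downgrade"):
        return 400, "bad request"
    users[user] = "admin" if action == "upgrade" else "user"
    return 302, "/admin"  # redirect back to the admin panel


def flawed_admin_roles(req, users):
    """Flawed: the admin check is tied to the HTTP method. Only POST is
    gated, so a GET with the same parameters is never authorized."""
    if req.path != "/admin-roles":
        return 404, "not found"
    if req.method == "POST":
        _, role = SESSIONS.get(req.session, (None, None))
        if role != "admin":
            return 401, "unauthorized"
    elif req.method != "GET":
        return 405, "method not allowed"
    return _apply_role_change(req, users)


def hardened_admin_roles(req, users):
    """Hardened: authorize the resource first, for every method, then
    accept only the one method intended for this state-changing action."""
    if req.path != "/admin-roles":
        return 404, "not found"
    _, role = SESSIONS.get(req.session, (None, None))
    if role != "admin":
        return 401, "unauthorized"
    if req.method != "POST":
        return 405, "method not allowed"
    return _apply_role_change(req, users)
```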