🕵‍♂️Info:
This lab has an admin panel with a flawed multi-step process for changing a user's role. You can familiarize yourself with the admin panel by logging in using the credentials administrator:admin.
🎯 Goal:
To solve the lab, log in using the credentials wiener:peter and exploit the flawed access controls to promote yourself to become an administrator.
First, the misconfiguration is in one step of the multi-step process:
- Log in as administrator with the credentials above.
- Observe the requests that are sent when you upgrade carlos.
- You will see 3 requests.

- Two of these requests go to the same endpoint, so I opened both to see the difference between them.
- From the web page we know that this lab requires a confirmation step from the admin before any user is upgraded.
- So now we need to upgrade our own account, wiener, to administrator.
- Log in as wiener:peter
- and catch the request to
/my-account?id=wiener
- Copy the wiener session cookie.
- Go to the confirmation request and replace the administrator session with the wiener session.
- Now replace the username: carlos → wiener
- Send the request and click "Follow redirection".
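To make clear why this works and how the server should have been written, here is an added illustration (not the lab's own code): a hypothetical in-memory model of a two-step role change. Only the first step checks the caller's role, so the confirmation step can be reached by any logged-in session. The fixed variant re-checks the role on the confirmation step and only acts on a pending change that the same admin started. User names, session tokens and roles are constructed sample data.

```python
"""Added example: a multi-step role change with access control on only one step.
Hypothetical in-memory model, not the lab's server code."""

from dataclasses import dataclass, field

# Constructed sample user table: username -> role.
USERS = {"administrator": "admin", "wiener": "user", "carlos": "user"}

# Constructed sessions: session cookie value -> username it belongs to.
SESSIONS = {"sess-admin-token": "administrator", "sess-wiener-token": "wiener"}


class Forbidden(Exception):
    """Raised when a request fails an authorization check."""


@dataclass
class App:
    users: dict = field(default_factory=lambda: dict(USERS))
    # Pending upgrades: target username -> admin who started the change.
    pending: dict = field(default_factory=dict)

    def _caller(self, session):
        """Resolve a session cookie to a username, or refuse the request."""
        who = SESSIONS.get(session)
        if who is None:
            raise Forbidden("no valid session")
        return who

    def _require_admin(self, session):
        caller = self._caller(session)
        if self.users[caller] != "admin":
            raise Forbidden("admin only")
        return caller

    # Step 1: the admin selects a user to upgrade. Both variants check here.
    def start_upgrade(self, session, username):
        caller = self._require_admin(session)
        self.pending[username] = caller
        return username

    # Step 2, VULNERABLE: the confirmation handler assumes only an admin could
    # have reached it, so it only checks that the caller is logged in. Any
    # user can send this request with their own session and any username.
    def confirm_upgrade_vulnerable(self, session, username):
        self._caller(session)  # proves the caller is logged in, nothing more
        self.users[username] = "admin"
        return self.users[username]

    # Step 2, FIXED: enforce the role on this step as well, and only act on a
    # pending change that this same admin created in step 1, then consume it.
    def confirm_upgrade_fixed(self, session, username):
        caller = self._require_admin(session)
        if self.pending.get(username) != caller:
            raise Forbidden("no matching pending upgrade started by this admin")
        del self.pending[username]
        self.users[username] = "admin"
        return self.users[username]


def demo():
    """Return (vulnerable outcome, fixed outcome) for a non-admin calling step 2."""
    vulnerable = App().confirm_upgrade_vulnerable("sess-wiener-token", "wiener")
    try:
        fixed = App().confirm_upgrade_fixed("sess-wiener-token", "wiener")
    except Forbidden as exc:
        fixed = f"refused: {exc}"
    return vulnerable, fixed


if __name__ == "__main__":
    print(demo())
```

The detection angle follows directly from the fixed handler: a confirmation request whose session does not belong to an admin, or that names a user with no pending change, is the event worth logging and alerting on.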
