Info:
This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response.
Goal:
To solve the lab, obtain the API key for the user carlos and submit it as the solution.
You can log in to your own account using the following credentials: wiener:peter
- Log in with the credentials wiener:peter.
- Start your proxy/interceptor (Burp, OWASP ZAP, or similar) and enable interception.
- Perform an action that triggers a redirect or a request containing an id parameter.
- Locate the request where the id parameter equals your own user (wiener).
- Send the request to Repeater (or manually edit the intercepted request).
- Change the id parameter from wiener to carlos (e.g., id=wiener → id=carlos).
- Forward the edited request and inspect the redirect response rather than following it: the redirect itself is what carries the data.
- Inspect the response body (and headers). The leaked API key for carlos should appear there.
- Copy the API key and submit it in the lab's solution field.
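The root cause behind these steps is a handler that sets the redirect when the authorization check fails but does not stop executing, so the account page is still rendered into the 3xx body. The following is an added example written for this page, not PortSwigger's lab code: a framework-free model of that bug next to its fix, with constructed user data and hypothetical handler names (`vulnerable_my_account`, `fixed_my_account`), plus a check a tester or a response-scanning proxy rule could use to flag the symptom.

```python
# Added example, not part of the lab: models the fall-through bug and its fix.
# No web framework; a Response dataclass stands in for the HTTP response.
from dataclasses import dataclass, field

# Constructed sample records; the key values are placeholders, not lab data.
USERS = {
    "wiener": {"api_key": "WIENER-KEY-PLACEHOLDER"},
    "carlos": {"api_key": "CARLOS-KEY-PLACEHOLDER"},
}


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def render_account(user_id: str) -> str:
    """Renders the account page, which includes the user's API key."""
    return f"<p>API key: {USERS[user_id]['api_key']}</p>"


def vulnerable_my_account(session_user: str, requested_id: str) -> Response:
    """Bug pattern: the failed check sets a 302 + Location, but there is no
    early return, so the requested user's page is still written into the
    body of the redirect response (the lab's leak)."""
    resp = Response(status=200)
    if requested_id != session_user:
        resp.status = 302
        resp.headers["Location"] = "/login"
        # Missing `return resp` here: execution falls through to rendering.
    resp.body = render_account(requested_id)
    return resp


def fixed_my_account(session_user: str, requested_id: str) -> Response:
    """Fix: decide authorization first and return at once with an empty
    body, so account data never reaches a 3xx response."""
    if requested_id not in USERS or requested_id != session_user:
        return Response(status=302, headers={"Location": "/login"})
    return Response(status=200, body=render_account(requested_id))


def leaks_secret_in_redirect(resp: Response) -> bool:
    """Detection check: a redirect whose body carries account content is
    exactly the symptom the lab steps look for in the proxy."""
    return 300 <= resp.status < 400 and "API key" in resp.body
```

In a real application the same fall-through shows up as a `redirect()` call whose return value is discarded instead of returned, or as a check placed after the template has already been rendered.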
