ℹ️ Info:

This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.

🎯 Goal:

To solve the lab, find the GUID for carlos, then submit his API key as the solution.

You can log in to your own account using the following credentials: wiener:peter

first thing from the description of lab i notice that every user have an GUID

but i have my own with wiener : peter and the request like this

• so to get the carlos API Key i need his API KEY so i will search for any thing related to carlos
• after searching in all application i found interesting some thing
• if i go to any post i catch the author of this post it’s like a link

• here we go the GUID is reflected when i hover in author [carlos]
• so i will click on carlos and open it new tab

i will copy the GUID and Go to the request for wiener to change the GUID

• here we go i changed the id with carlos and response retrieve the API KEY
• copy it and send it in submit field