Lab link.
This lab has an admin panel at
/admin
, which identifies administrators using a forgeable cookie.Solve the lab by accessing the admin panel and using it to delete the user
carlos
.You can log in to your own account using the following credentials:
wiener:peter
We log in to the account using the user credentials provided. If we pay attention to the URL part, we see the “id=wiener” parameter.
If we make the id parameter admin in the URL, we display that we cannot access
If we examine the requests, we see that the admin value in the cookie is false.
We set the admin value to true.
We change the cookie value in the GET /admin request and try to delete the user carlos.
This time we need to change the cookie value in the GET /admin/delete?username=carlos request.