Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Portswigger: User ID controlled by request parameter, with unpredictable user IDs Writeup - Aleyna Doğan

Portswigger: User ID controlled by request parameter, with unpredictable user IDs Writeup

This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.

To solve the lab, find the GUID for carlos, then submit his API key as the solution.

You can log in to your own account using the following credentials: wiener:peter

Lab link.

Login with the given username and password. After logging in, we see the id parameter in the URL. The value can be guessed, meaning we should look for information disclosures on the site to find the user Carlos.

If we check the posts on the blog page, we see a post by Carlos. If we click on the user Carlos, we reach the user id value.

In the GET /my-account?id request, we update the id value and access the user carlos. API Key is sent to submit solutions and the question is solved.

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir