This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.
To solve the lab, find the GUID for
carlos, then submit his API key as the solution.You can log in to your own account using the following credentials:
Lab link.wiener:peter
Login with the given username and password. After logging in, we see the id parameter in the URL. The value can be guessed, meaning we should look for information disclosures on the site to find the user Carlos.
If we check the posts on the blog page, we see a post by Carlos. If we click on the user Carlos, we reach the user id value.
In the GET /my-account?id request, we update the id value and access the user carlos. API Key is sent to submit solutions and the question is solved.
