Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Portswigger: User ID controlled by request parameter Writeup - Aleyna Doğan

Aleyna

Portswigger Lab

Portswigger: User ID controlled by request parameter Writeup

updated on

This lab has a horizontal privilege escalation vulnerability on the user account page.

To solve the lab, obtain the API key for the user carlos and submit it as the solution.

You can log in to your own account using the following credentials: wiener:peter

Lab link.

We log in to the system with the login information provided.

/my-account?id=wiener We see that the username is directly mentioned in the URL, we make the request carlos.

Right click on Response>Show response in browser>copy and paste it into the browser and access Carlos’ account.

We added Carlos’ API key to submit solutions and we solved the problem.

Tags :

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir