Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ultimate-blocks domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/margheri/public_html/wp-includes/functions.php on line 6121

Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Portswigger: User role can be modified in user profile Writeup - Aleyna Doğan

Aleyna

Portswigger Lab

Portswigger: User role can be modified in user profile Writeup

updated on

Lab link.

This lab has an admin panel at /admin. It’s only accessible to logged-in users with a roleid of 2.

Solve the lab by accessing the admin panel and using it to delete the user carlos.

You can log in to your own account using the following credentials: wiener:peter

We log in with the account information provided and try the email update feature available in our account and check our request.

We see that the role id value is 1. If we make this value 2 as given to us in the question, we can become admin.

When sending the request, we add the role id value after the email.

Wiener user role is now admin and we delete carlos user.

Tags :

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir