Lab 4: User role controlled by request parameter
I need to access the admin site and delete Carlos but to do this I need to change the parameters to then gain access into the admin page.
I went into my account and logged in using the credentials that were provided for meI then went into cookies and found the Admin cookie set to false, so I changed it to true and then I went into the admin panel
After doing so I was able to delete Carlos.
Another way I could of done this was by using Burp
I could have sent the request to the proxy and taken a look at the cookies.
Here I could have changed the cookie to true and then it would have worked the same way
Comments
Post a Comment