Lab 6: User ID controlled by request parameter with password disclosure
I have to gain access to an admin account by using horizontal escalation
I logged in
I then saw my id and tried to transfer to admin, but it failed.
Lastly, I tried to transfer to the other user, carlos, because he might have some extra privileges.
Using Burp Suite, I changed the id value to administrator and it worked.
I looked at the password the administrator had and then signed in with it.
After signing into the account I was able to delete Carlos.
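As an added illustration (not code from the lab or from the author), here is a minimal profile endpoint with the lab's two defects side by side with a hardened version: the vulnerable handler trusts the id request parameter and echoes the stored password back into the page, while the hardened one authorises against the authenticated session and never returns the password. The user table, session names and function names are constructed for this example.

```python
# Constructed sample user store; in the lab the equivalent rows live in the app's database.
USERS = {
    "wiener": {"password": "peter", "role": "user"},
    "carlos": {"password": "montoya", "role": "user"},
    "administrator": {"password": "example-admin-secret", "role": "admin"},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to view the requested profile."""


def vulnerable_profile(session_user, requested_id):
    """Vulnerable handler: the 'id' parameter alone selects the profile, and the
    stored password is included in the response (used to pre-fill the form).
    session_user is ignored, which is the IDOR the lab demonstrates."""
    user = USERS[requested_id]
    return {"username": requested_id, "password": user["password"], "role": user["role"]}


def hardened_profile(session_user, requested_id, audit_log=None):
    """Hardened handler: the profile shown is tied to the authenticated session,
    a mismatch is rejected and recorded, and the password never leaves the server."""
    if requested_id != session_user:
        # Record the attempt so an IDOR probe shows up in detection tooling.
        if audit_log is not None:
            audit_log.append(f"idor_attempt session={session_user} requested={requested_id}")
        raise Forbidden("profile id does not match the authenticated user")
    user = USERS[requested_id]
    # Return only non-secret fields; a password change flow should require the old password.
    return {"username": requested_id, "role": user["role"]}


if __name__ == "__main__":
    # Same request ("id=administrator" sent from wiener's session) against both handlers.
    print(vulnerable_profile("wiener", "administrator"))  # leaks the admin password
    log = []
    try:
        hardened_profile("wiener", "administrator", log)
    except Forbidden as exc:
        print("rejected:", exc, log)
```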