Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Lab: User ID controlled by request parameter, with unpredictable user IDs

APPRENTICE

This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.

To solve the lab, find the GUID for carlos, then submit his API key as the solution.

You can log in to your own account using the following credentials: wiener:peter

ACCESS THE LAB

Solution

  1. Find a blog post by carlos.
  2. Click on carlos and observe that the URL contains his user ID. Make a note of this ID.
  3. Log in using the supplied credentials and access your account page.
  4. Change the "id" parameter to the saved user ID.
  5. Retrieve and submit the API key.

Community solutions

Rana Khalil
Michael Sommer (no audio)

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here

Try Burp Suite for Free

Find access control vulnerabilities using Burp Suite

Try for free