Lab: User role can be modified in user profile
APPRENTICE
This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2.
Solve the lab by accessing the admin panel and using it to delete the user carlos.
You can log in to your own account using wiener:peter.
Solution
Log in using the supplied credentials.
Click on "My Account" and submit a new email address.
Observe that the response contains your role ID.
Send the email submission request to Burp Repeater, add "roleid":2 into the JSON in the request body, and resend it.
Observe that the response shows your roleid has changed to 2.
Browse to /admin and delete carlos.
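The root cause the solution exploits is mass assignment: the profile-update endpoint copies every JSON field from the request onto the stored account, so a client-supplied roleid is trusted. As an added example that is not part of the lab or PortSwigger's code, the Python below sketches that vulnerable pattern beside an allow-list fix and a defender check, using the field and user names from the lab; the handler functions, the stored-account dict and the request body are constructed assumptions.

```python
import json

# Constructed sample of the stored account and of the profile-update body the
# solution above sends (an email change with an injected "roleid": 2).
STORED_USER = {"username": "wiener", "email": "wiener@example.invalid", "roleid": 1}
TAMPERED_BODY = '{"email": "new@example.invalid", "roleid": 2}'

# Fields a user may legitimately change about their own profile.
PROFILE_WRITABLE_FIELDS = {"email"}


def update_profile_vulnerable(user: dict, body: str) -> dict:
    """Mass assignment: every JSON key is copied onto the account, so a client
    that adds "roleid" promotes itself. This mirrors the lab's flaw."""
    updated = dict(user)
    updated.update(json.loads(body))
    return updated


def update_profile_safe(user: dict, body: str) -> dict:
    """Allow-list fix: only fields the user is permitted to edit are copied;
    privileged fields such as roleid are set only by server-side logic."""
    updated = dict(user)
    for key, value in json.loads(body).items():
        if key in PROFILE_WRITABLE_FIELDS:
            updated[key] = value
    return updated


def unexpected_fields(body: str) -> set:
    """Defender check: report keys outside the allow-list so the request can be
    rejected (e.g. HTTP 400) and logged instead of silently ignored."""
    return set(json.loads(body)) - PROFILE_WRITABLE_FIELDS


def is_admin(user: dict) -> bool:
    """The lab's admin-panel rule: only roleid 2 may reach /admin."""
    return user.get("roleid") == 2


if __name__ == "__main__":
    vuln = update_profile_vulnerable(STORED_USER, TAMPERED_BODY)
    safe = update_profile_safe(STORED_USER, TAMPERED_BODY)
    print("vulnerable handler grants admin:", is_admin(vuln))            # True
    print("allow-list handler grants admin:", is_admin(safe))            # False
    print("fields to reject and log:", unexpected_fields(TAMPERED_BODY))  # {'roleid'}
```

Rejecting and logging unexpected fields, rather than dropping them quietly, gives detection a signal for the tampering the solution above performs.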