This lab uses a serialization-based session mechanism and is vulnerable to privilege escalation as a result. To solve the lab, edit the serialized object in the session cookie to exploit this vulnerability and gain administrative privileges. Then, delete Carlos's account.
You can log in to your own account using the following credentials:
1. Log in to your account. The GET request issued after login contains a session cookie that appears to be URL- and Base64-encoded. Send this request to Burp Repeater. Also, highlight the cookie value and, from the context menu, choose "Send to Decoder".
2. Once decoded, the cookie is a serialized PHP object. One of its attributes contains b:0, indicating the boolean value false. Change this to b:1, the serialized form of true, and update the cookie in your Repeater request with the re-encoded object.
3. Change the path of your request to /admin and resend it. Notice that the /admin page contains links to delete specific user accounts.
4. Change the path of your request to /admin/delete?username=carlos and send the request to solve the lab.
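The steps above rely on the server trusting whatever serialized object the client hands back. The following Python example is added here to make that concrete; it is not part of the lab or PortSwigger's materials. It reverses the cookie encoding (URL, then Base64), parses the PHP serialize() format far enough to read the b:0 flag, and then shows the defensive check that stops the lab's edit from working: an HMAC over the payload, verified before the object is parsed. The class name "User", the attribute names, the username and the key are constructed for illustration and are not values from the lab.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Constructed sample session in PHP serialize() format. The class name "User",
# the attribute names and the username are assumptions, not values from the lab.
CONSTRUCTED_SESSION = 'O:4:"User":2:{s:8:"username";s:12:"example-user";s:5:"admin";b:0;}'

# Assumption: a server-side key that is never sent to the client.
SECRET_KEY = b"constructed-server-side-secret"


def decode_cookie(cookie: str) -> str:
    """Reverse the cookie encoding described in the lab: URL-decode, then Base64-decode."""
    return base64.b64decode(urllib.parse.unquote(cookie)).decode()


def encode_cookie(payload: str) -> str:
    """Base64-encode, then URL-encode, so a value round-trips through decode_cookie."""
    return urllib.parse.quote(base64.b64encode(payload.encode()).decode(), safe="")


class _PhpParser:
    """Minimal reader for PHP serialize() output (types N, b, i, d, s, a, O).
    String lengths are treated as character counts, which is exact only for ASCII."""

    def __init__(self, data: str):
        self.d, self.i = data, 0

    def _until(self, ch: str) -> str:
        j = self.d.index(ch, self.i)
        token, self.i = self.d[self.i:j], j + 1
        return token

    def _members(self, count: int) -> dict:
        self.i += 1                      # '{'
        out = {}
        for _ in range(count):
            key = self.value()
            out[key] = self.value()
        self.i += 1                      # '}'
        return out

    def value(self):
        t = self.d[self.i]
        if t == "N":                     # N;
            self.i += 2
            return None
        self.i += 2                      # skip "<type>:"
        if t == "b":                     # b:0; or b:1;
            return self._until(";") == "1"
        if t == "i":
            return int(self._until(";"))
        if t == "d":
            return float(self._until(";"))
        if t == "s":                     # s:<len>:"<chars>";
            n = int(self._until(":"))
            s = self.d[self.i + 1:self.i + 1 + n]
            self.i += n + 3              # opening quote, closing quote, ';'
            return s
        if t == "a":                     # a:<count>:{key;value;...}
            return self._members(int(self._until(":")))
        if t == "O":                     # O:<len>:"<class>":<count>:{...}
            self._until(":")
            cls = self._until(":").strip('"')
            return {"__class__": cls, **self._members(int(self._until(":")))}
        raise ValueError(f"unsupported type {t!r} at offset {self.i}")


def parse_php(serialized: str):
    return _PhpParser(serialized).value()


def sign_cookie(payload: str, key: bytes = SECRET_KEY) -> str:
    """Mitigation: append an HMAC-SHA256 tag so any edit to the payload is detectable."""
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return encode_cookie(payload) + "." + tag


def verify_cookie(signed: str, key: bytes = SECRET_KEY):
    """Return the parsed session only if the tag matches; None on any tampering.
    The serialized payload is parsed only after the tag has been checked."""
    encoded, _, tag = signed.rpartition(".")
    payload = decode_cookie(encoded)
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return parse_php(payload)


def demo():
    """Apply the lab's b:0 -> b:1 edit to an unsigned and to a signed cookie."""
    cookie = encode_cookie(CONSTRUCTED_SESSION)
    original = parse_php(decode_cookie(cookie))
    tampered_payload = decode_cookie(cookie).replace("b:0;", "b:1;")
    tampered = parse_php(tampered_payload)        # unsigned: the server would trust this

    signed = sign_cookie(CONSTRUCTED_SESSION)
    _, _, tag = signed.rpartition(".")
    forged = encode_cookie(tampered_payload) + "." + tag   # edited payload, old tag
    return (original["admin"], tampered["admin"],
            verify_cookie(signed)["admin"], verify_cookie(forged))


if __name__ == "__main__":
    print(demo())   # (False, True, False, None)
```

Running demo() shows the two halves of the story: without a tag the flipped flag is simply believed, while with the tag the same edit is rejected before the serialized object is ever parsed. The signature is a detection and integrity control only; the root cause remains that the server deserializes client-controlled data, and a session id that references server-side state removes that entirely.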