User ID controlled by request parameter, with unpredictable user IDs
Last updated
This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.
To solve the lab, find the GUID for carlos, then submit his API key as the solution.
You can log in to your own account using the following credentials: wiener:peter
We start by logging in as the wiener user.
On the My Account page we obtain wiener's API key.
Next we return to the home page and check whether there are references to carlos elsewhere on the site, such as blog posts.
https://0a3200fc04ca12b780505890009300fd.web-security-academy.net/post?postId=3
Capturing the HTTP response, we discover that it contains a userId value different from our own.
Save it (carlos's userId): f26a0928-06ae-4b0d-be0a-ca03266160f0
Go back to the My Account page and change the user reference in the request to the new userId:
Horizontal privilege escalation done!
Submit carlos's API key: NEvvgurN9IMYbP0WGQhRNxGCKLHuboPn
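The server-side view of what went wrong, as an added example that is not part of the original writeup or of the lab: the request shape, user store and function names are constructed, carlos's GUID is the one found above, and the API keys are placeholders. The unpredictable GUID was the only protection, so once it leaked through a blog post the account page handed over the key; the fixed handler derives identity from the session instead.

```python
"""Vulnerable vs. fixed /my-account handler, modelled on the lab's behaviour."""
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed user store. carlos's GUID is the one recovered in the writeup;
# wiener's GUID and both API keys are placeholders.
USERS = {
    "wiener": {"id": "1d9b2e4a-7c3f-4b88-9a10-5e2f6c7d8a91", "api_key": "WIENER-KEY-PLACEHOLDER"},
    "carlos": {"id": "f26a0928-06ae-4b0d-be0a-ca03266160f0", "api_key": "CARLOS-KEY-PLACEHOLDER"},
}
USERS_BY_ID = {u["id"]: name for name, u in USERS.items()}


@dataclass
class Request:
    session_user: str          # identity established by the session cookie
    query_id: Optional[str]    # the user id parameter supplied by the client


class Forbidden(Exception):
    pass


def my_account_vulnerable(req: Request) -> dict:
    """Looks up whichever id the client sent. Unpredictability of the GUID is the
    only barrier, so a GUID leaked anywhere (here, a blog post) unlocks the account."""
    owner = USERS_BY_ID.get(req.query_id)
    if owner is None:
        raise KeyError("unknown user id")
    return {"username": owner, "api_key": USERS[owner]["api_key"]}


def my_account_fixed(req: Request) -> dict:
    """Derives the account from the session; a mismatching id is an authorization
    failure, not a lookup key. A missing id simply means 'the current user'."""
    me = USERS[req.session_user]
    if req.query_id is not None and req.query_id != me["id"]:
        raise Forbidden("id does not belong to the session user")
    return {"username": req.session_user, "api_key": me["api_key"]}


def can_read(handler: Callable[[Request], dict], req: Request) -> bool:
    """True if the handler returns account data for this request, False if it refuses."""
    try:
        handler(req)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    leaked = Request("wiener", USERS["carlos"]["id"])
    print("vulnerable:", my_account_vulnerable(leaked))   # carlos's key is returned
    print("fixed allows it:", can_read(my_account_fixed, leaked))  # False
```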