This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.
To solve the lab, find the GUID for carlos, then submit his API key as the solution.
You can log in to your own account using the following credentials: wiener:peter
We start by logging in as the wiener user
and obtain wiener's API key.
We can return to the Home page and check whether anything there, such as a post, references carlos.
https://0a3200fc04ca12b780505890009300fd.web-security-academy.net/post?postId=3
Capturing the HTTP response, we discover that the userId value has changed.
Save it (carlos's userId): f26a0928-06ae-4b0d-be0a-ca03266160f0
Go back to the My Account page and change the id parameter to the new userId:
https://0a3200fc04ca12b780505890009300fd.web-security-academy.net/my-account?id=f26a0928-06ae-4b0d-be0a-ca03266160f0
Horizontal privilege escalation done!
Submit carlos's API key: NEvvgurN9IMYbP0WGQhRNxGCKLHuboPn
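Why this works, and what the fix looks like, as an added example that is not part of the original write-up or the lab's own code: the account page trusts the `id` parameter, so an unguessable GUID stops protecting anything once another page discloses it. The handler names, session store, GUIDs and keys below are constructed assumptions.

```python
# Added example: constructed accounts and hypothetical handler names.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    api_key: str


# Constructed GUIDs and keys, not values from the lab.
WIENER_ID = "11111111-1111-4111-8111-111111111111"
CARLOS_ID = "22222222-2222-4222-8222-222222222222"
USERS = {
    WIENER_ID: User("wiener", "WIENER-KEY-EXAMPLE"),
    CARLOS_ID: User("carlos", "CARLOS-KEY-EXAMPLE"),
}
SESSIONS = {"session-wiener": WIENER_ID}  # session token -> owner GUID


class Forbidden(Exception):
    pass


def account_page_vulnerable(session_token, requested_id):
    # Checks only that a session exists, then trusts the id parameter.
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return USERS[requested_id].api_key


def account_page_hardened(session_token, requested_id=None):
    # The account is derived from the session; a mismatching id is refused.
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Forbidden("not logged in")
    if requested_id is not None and requested_id != owner:
        raise Forbidden("id does not match the session user")
    return USERS[owner].api_key


def is_denied(handler, session_token, requested_id):
    # True when the handler refuses the request.
    try:
        handler(session_token, requested_id)
    except Forbidden:
        return True
    return False
```

The hardened handler never needs the `id` parameter at all; dropping it from the URL removes the reference an attacker could swap.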