Open in app

Sign in

Write

Sign in

Mastodon

23.2 Lab: User ID controlled by request parameter | 2023

This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, obtain the API key for the user carlos and submit it as the solution | Karthikeyan Nagaraj

Karthikeyan Nagaraj
2 min readNov 15, 2023

Description

This lab has a horizontal privilege escalation vulnerability on the user account page.

To solve the lab, obtain the API key for the user carlos and submit it as the solution.

You can log in to your own account using the following credentials: wiener:peter

Solution

  1. Log in using the supplied credentials and go to your account page.
  2. Note that the URL contains your username in the “id” parameter.
  3. Change the value of id parameter from wiener to carlos and hit enter.
  4. Copy and paste the API key ofcarlos in submit solution to solve the lab.

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials

Cybersecurity
Careers
Hacking
Penetration Testing
Bug Bounty

--

--

Karthikeyan Nagaraj

Written by Karthikeyan Nagaraj

8.8K Followers

Entrepreneur | Writer | Cyber Security Consultant | AI Researcher

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams