23.3 Lab: User ID controlled by request parameter, with unpredictable user IDs | 2023

This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs. To solve the lab, find the GUID for carlos, then submit his API key as the solution | Karthikeyan Nagaraj

Karthikeyan Nagaraj
2 min readNov 16

--

Description

This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.

To solve the lab, find the GUID for carlos, then submit his API key as the solution.

You can log in to your own account using the following credentials: wiener:peter

Solution

  1. Click each post separately to find post of carlos
  2. After that, click on the username of carlos and you will get the user ID in the URL
  3. Log In with wiener:peter
  4. Change the value of wiener’s ID to carlos ID and click Enter
  5. Copy and paste the API key ofcarlos in submit solution to solve the lab.

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials

--

--

Karthikeyan Nagaraj

Security Researcher | Bug Hunter | Web Pentester | CTF Player | TryHackme Top 1% | AI Researcher | Blockchain Developer