23.5 Lab: User ID controlled by request parameter with password disclosure | 2023
This lab has a user account page that contains the current user's existing password, prefilled in a masked input. To solve the lab, retrieve the administrator's password, then use it to delete the user carlos | Karthikeyan Nagaraj
2 min read · Nov 18, 2023
Description
This lab has a user account page that contains the current user's existing password, prefilled in a masked input.
To solve the lab, retrieve the administrator's password, then use it to delete the user carlos.
You can log in to your own account using the following credentials: wiener:peter
Solution
- Log in using the supplied credentials (wiener:peter) and open the user account page.
- Change the "id" parameter in the URL to administrator. The server returns the administrator's account page because it selects the account from the client-supplied id rather than from the logged-in session, which is an insecure direct object reference (IDOR).
- The password is prefilled in a masked input. Right-click the password field and click "Reveal password", or right-click it, click "Inspect", and read the value attribute of the input in the page source. Masking only hides the characters on screen; the value itself is in the HTML.
- Copy that password, click Logout, and log in to the administrator account with the password you found.
- Then click on the Admin Panel and delete the user carlos to solve the lab.
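To make the two halves of the bug concrete, here is an added, self-contained model of it in Python. This is example code written for this write-up, not the lab's server code or anything from the original post: the account store, the HTML layout and the administrator and carlos passwords are constructed for illustration (only wiener:peter comes from the lab). It shows the vulnerable "My account" handler that trusts the id parameter beside a fixed one bound to the session, the password extraction that "Inspect" does by hand, and the full chain of the solution steps run against the vulnerable model.

```python
import re
from html import escape, unescape
from typing import Dict, Optional

# Constructed sample user store. "wiener:peter" is the lab's supplied login;
# the other passwords are made up for this example, not the lab's real values.
ACCOUNTS: Dict[str, Dict[str, str]] = {
    "wiener":        {"password": "peter", "email": "wiener@example.com"},
    "administrator": {"password": "constructed-admin-secret", "email": "admin@example.com"},
    "carlos":        {"password": "constructed-carlos-secret", "email": "carlos@example.com"},
}


def render_account_page(username: str, include_password: bool) -> str:
    """Render the 'My account' page. The vulnerable site prefills the stored
    password into a masked input; masking is cosmetic, the value is in the HTML."""
    acct = ACCOUNTS[username]
    pw_field = (
        f'<input type="password" name="password" value="{escape(acct["password"])}">'
        if include_password else
        '<input type="password" name="password" value="">'
    )
    return (
        f"<h1>My Account</h1><p>Your username is: {escape(username)}</p>"
        f'<input type="email" name="email" value="{escape(acct["email"])}">'
        f"{pw_field}"
    )


def my_account_vulnerable(session_user: str, requested_id: str) -> str:
    """Vulnerable handler: the account shown is chosen by the client-supplied
    ?id= parameter, with no check that it belongs to the logged-in user."""
    if session_user not in ACCOUNTS:
        raise PermissionError("not logged in")
    if requested_id not in ACCOUNTS:
        raise KeyError(requested_id)
    return render_account_page(requested_id, include_password=True)


def my_account_fixed(session_user: str, requested_id: str) -> str:
    """Fixed handler: the page is bound to the session user, and the stored
    password is never echoed back to the browser at all."""
    if session_user not in ACCOUNTS:
        raise PermissionError("not logged in")
    if requested_id != session_user:
        raise PermissionError("id does not match the authenticated user")
    return render_account_page(session_user, include_password=False)


def extract_masked_password(html: str) -> Optional[str]:
    """What 'Inspect' or 'Reveal password' does by hand: read the value
    attribute of the masked input straight out of the page source."""
    m = re.search(r'<input[^>]*type="password"[^>]*value="([^"]*)"', html)
    return unescape(m.group(1)) if m and m.group(1) else None


def login(username: str, password: str) -> bool:
    """Constructed login check against the sample store."""
    return username in ACCOUNTS and ACCOUNTS[username]["password"] == password


def delete_user(session_user: str, target: str) -> bool:
    """Admin panel action: only the administrator may delete accounts."""
    if session_user != "administrator" or target not in ACCOUNTS:
        return False
    del ACCOUNTS[target]
    return True


def solve_lab_model(attacker: str, target: str, victim: str) -> dict:
    """Walk the write-up's steps against the vulnerable model: fetch the target's
    page through the IDOR, pull the password out, log in, delete the victim."""
    page = my_account_vulnerable(attacker, target)
    password = extract_masked_password(page)
    if password is None:
        return {"password": None, "logged_in": False, "deleted": False}
    logged_in = login(target, password)
    deleted = logged_in and delete_user(target, victim)
    return {"password": password, "logged_in": logged_in, "deleted": deleted}


def is_denied(handler, session_user: str, requested_id: str) -> bool:
    """True if the handler refuses the request (used to check the fix)."""
    try:
        handler(session_user, requested_id)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    print(solve_lab_model("wiener", "administrator", "carlos"))
    print("fixed handler blocks cross-account id:",
          is_denied(my_account_fixed, "wiener", "administrator"))
```

The fix has two independent parts, and both matter: the handler must derive the account from the session rather than from the request, and the stored password should never be sent to the client in the first place (a masked input does not protect it, as the extraction function shows). Against a real lab instance the same chain is the browser steps above; this script only models them so that it runs offline.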
If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng
Thank you for Reading!
Happy Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng
Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials