23.5 Lab: User ID controlled by request parameter with password disclosure | 2023


Karthikeyan Nagaraj
2 min read · Nov 18, 2023

Description

This lab has a user account page that contains the current user’s existing password, prefilled in a masked input.

To solve the lab, retrieve the administrator’s password, then use it to delete the user carlos.

You can log in to your own account using the following credentials: wiener:peter

Solution

  1. Log in with the supplied credentials (wiener:peter) and open the user account page.
  2. Change the “id” parameter in the URL to administrator.
  3. Right-click the password field and click “Reveal Password”.
  4. Alternatively, right-click the password field and click “Inspect” to view the prefilled password in the page source.
  5. Copy that password, log out, and log in to the administrator account with it.
  6. Then click “Admin Panel” and delete the user carlos to solve the lab.
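The steps above work because the server picks the account to render from the `id` request parameter instead of from the session, and then prefills the stored password into the form. The following Python is an added illustration written for this post, not the lab's own code: `vulnerable_account_page` models the behaviour the lab exhibits, `hardened_account_page` shows the two fixes (authorise against the session user, and never send the password back to the browser). The user store, the `Forbidden` exception, the `can_view` helper and the admin password value are all constructed here for the example; only `wiener:peter` comes from the lab.

```python
# Added illustration, not the lab's own code: why changing the "id" parameter
# discloses another user's password, and what the server side should do instead.
from dataclasses import dataclass


@dataclass
class User:
    username: str
    password: str          # stored in the clear only to model the lab's behaviour
    is_admin: bool = False


# Constructed sample user store standing in for the lab's database.
# The administrator and carlos passwords are placeholders, not lab values.
USERS = {
    "wiener": User("wiener", "peter"),
    "administrator": User("administrator", "PLACEHOLDER-ADMIN-PASSWORD", is_admin=True),
    "carlos": User("carlos", "PLACEHOLDER-CARLOS-PASSWORD"),
}


class Forbidden(Exception):
    """Raised when the session user is not allowed to view the requested account."""


def vulnerable_account_page(session_user: str, query: dict) -> dict:
    """Renders whichever account the 'id' query parameter names (an IDOR).

    The session is consulted only as a default; any authenticated user can
    name any other account. Because the form is prefilled with the stored
    password, the password travels to the browser and is readable via
    'Reveal Password' or the element inspector, exactly as in the lab.
    """
    target = USERS[query.get("id", session_user)]
    return {"username": target.username, "password_field_value": target.password}


def can_view(session_user: str, requested: str) -> bool:
    """Authorisation rule (assumed for this example): a user may view only
    their own account, unless they are an administrator."""
    actor = USERS[session_user]
    return requested == session_user or actor.is_admin


def hardened_account_page(session_user: str, query: dict) -> dict:
    """Authorises against the session, not the request parameter, and treats
    the password as write-only: the form field is always sent empty."""
    requested = query.get("id", session_user)
    if not can_view(session_user, requested):
        raise Forbidden(f"{session_user} may not view account {requested}")
    target = USERS[requested]
    return {"username": target.username, "password_field_value": ""}


if __name__ == "__main__":
    leaked = vulnerable_account_page("wiener", {"id": "administrator"})
    print("vulnerable:", leaked)           # administrator's password reaches the page
    print("hardened  :", hardened_account_page("wiener", {}))
    try:
        hardened_account_page("wiener", {"id": "administrator"})
    except Forbidden as exc:
        print("hardened  : denied ->", exc)
```

From the defending side, the `id` mismatch in `can_view` is also the event worth logging: a request for `/my-account?id=X` where `X` is not the session user is the signal that someone is probing for this class of flaw, and it should produce a 403 and an audit entry rather than a rendered page.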

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials
