23.6 Lab: Insecure direct object references | 2023


Karthikeyan Nagaraj
Nov 19, 2023

Description

This lab stores user chat logs directly on the server’s file system, and retrieves them using static URLs.

Solve the lab by finding the password for the user carlos, and logging into their account.

Solution

  1. Make sure that the Proxy is on and Intercept is off.
  2. Click Live chat, type something, and send it.
  3. Click View transcript and observe that the transcripts are text files assigned a filename containing an incrementing number.
  4. Navigate to HTTP history and send the /download-transcript/ANY_NUMBER.txt request to Repeater.
  5. Change the filename to 1.txt and send the request.
  6. Observe that the password of carlos is exposed in the response.
  7. Use that password to log in to the carlos account to solve the lab.
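
The steps work because the server returns whichever transcript the client names, without checking who is asking. The following added example (not the lab's code; `TranscriptStore`, its method names and the sample data are assumptions made for illustration) puts that behaviour beside a handler that ties each transcript to its owner and uses a random identifier instead of a counter:

```python
import secrets

NOT_FOUND = (404, "Not Found")

class TranscriptStore:
    """In-memory stand-in for the server's transcript files (constructed for this example)."""

    def __init__(self):
        self._by_number = {}   # sequential number -> text, as in the lab
        self._by_token = {}    # random token -> (owner, text), the hardened index

    def save(self, owner, text):
        number = len(self._by_number) + 1
        self._by_number[number] = text
        token = secrets.token_urlsafe(16)   # 128 random bits, not derivable from other tokens
        self._by_token[token] = (owner, text)
        return number, token

    def download_vulnerable(self, session_user, filename):
        # Vulnerable: the client-supplied filename is the only lookup key,
        # and session_user is never consulted.
        stem, _, ext = filename.partition(".")
        if ext != "txt" or not (stem.isascii() and stem.isdigit()):
            return NOT_FOUND
        text = self._by_number.get(int(stem))
        return (200, text) if text is not None else NOT_FOUND

    def download_hardened(self, session_user, token):
        # Hardened: the owner recorded at save time must match the session.
        # An unknown token and a wrong owner get the same reply, so the
        # response does not reveal which transcripts exist.
        record = self._by_token.get(token)
        if record is None or record[0] != session_user:
            return NOT_FOUND
        return (200, record[1])


if __name__ == "__main__":
    store = TranscriptStore()
    n, t = store.save("carlos", "constructed transcript for carlos")
    store.save("wiener", "constructed transcript for wiener")
    print(store.download_vulnerable("wiener", f"{n}.txt"))  # served to the wrong user
    print(store.download_hardened("wiener", t))             # refused
    print(store.download_hardened("carlos", t))             # served to the owner
```

The random token only makes identifiers hard to guess; the ownership comparison is what enforces access control, and it should stay in place even if identifiers leak.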


Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng
