7.4 Lab: User role can be modified in user profile | 2023

This Lab has an admin panel at /admin. It’s only accessible to logged-in users with a roleid of 2, Solve the lab by accessing the admin panel and using it to delete the user Carlos | Karthikeyan Nagaraj

Karthikeyan Nagaraj
2 min readSep 19

--

Description

This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2.

Solve the lab by accessing the admin panel and using it to delete the user carlos.

You can log in to your own account using the following credentials: wiener:peter

Solution

  1. Login with Credentials wiener:peter
  2. Try to change the email and Capture the Request
  3. Send the Request to Repeater
  4. Send the request and watch that the response has 4 arguments that contain roleid with a value of 1
  5. Now Add a variable roleid into the JSON body in the request with a value of 2
  6. Notice that the value of roleid has changed to 2 in the response
  7. Now, switch of the proxy, navigate to /admin page and delete user Carlos to solve the lab

Cyberw1ng

Learn Cyber Security and Create Awareness ~ cyberwing Stay tuned with me, Subscribe and Like the Videos... Ask Doubts…

www.youtube.com

If you would like to support me so that I could create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials

Cybersecurity
Security
Hacking
Penetration Testing
Bug Bounty

--

--

Karthikeyan Nagaraj

Written by Karthikeyan Nagaraj

1.3K Followers

Security Researcher | Bug Hunter | Web Pentester | CTF Player | TryHackme Top 1% | AI Researcher | Blockchain Developer

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams