Scribd Logo
Upload

Welcome to Scribd!

  • Lab 3 - User Role Controlled by Request Parameter

    Uploaded by

    DODOXD Mekheimer
    73 views7 pages
    This document summarizes a lab experiment where the user role was controlled by modifying a request parameter. The student observed an "id" value and "Admin" condition in the cookie, then gained admin access by changing the id to "admin" and setting the Admin condition to true. Further requests involving the "Admin" condition were intercepted and modified to true. This allowed access to the admin panel and deletion of a user, completing the lab. The key learnings were to keep the interceptor on to detect multiple admin checks and avoid exposing credentials in requests.

    Original Description:

    Original Title

    Lab 3 - User role controlled by request parameter

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a lab experiment where the user role was controlled by modifying a request parameter. The student observed an "id" value and "Admin" condition in the cookie, then gained admin access by changing the id to "admin" and setting the Admin condition to true. Further requests involving the "Admin" condition were intercepted and modified to true. This allowed access to the admin panel and deletion of a user, completing the lab. The key learnings were to keep the interceptor on to detect multiple admin checks and avoid exposing credentials in requests.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    73 views7 pages

    Lab 3 - User Role Controlled by Request Parameter

    Uploaded by

    DODOXD Mekheimer
    This document summarizes a lab experiment where the user role was controlled by modifying a request parameter. The student observed an "id" value and "Admin" condition in the cookie, then gained admin access by changing the id to "admin" and setting the Admin condition to true. Further requests involving the "Admin" condition were intercepted and modified to true. This allowed access to the admin panel and deletion of a user, completing the lab. The key learnings were to keep the interceptor on to detect multiple admin checks and avoid exposing credentials in requests.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    Lab 3 - User role controlled by request parameter

    Ahmed Khaled Saad Ali ID:1809799


    Screenshots:
    Accessed My account page and login with wiener
    Re-clicking My account with intercept ON

    We observe id value and Admin condition in Cookie, so we will try id=admin and
    of course change admin condition to true, and forward
    We got another GET request with Admin condition, we will change it to true and
    forward.

    Back to Site, we observe Admin Panel


    But we found out a third GET request with Admin condition in Cookie below, we
    will change it to true and forward it.

    Clicking Admin Panel sends the below GET request, editing Admin=true and
    forwarding.
    Another one

    Finally, Admin Panel opens


    Clicking delete carlos opens below GET request, editing Admin=true and
    forwarding.

    Another one
    Back to site, Carlos is deleted, lab completed

    Learned Outcome:
    1. You should keep intercept ON, to detect if the site has multiple checks on
    Admin access, because the site will redirect me to Normal access if you
    have intercept OFF
    2. Avoid mentioning any admin credentials or checks in the GET/POST/PULL
    requests as it can be easily sniffed.

    You might also like