Scribd Logo
Upload

Welcome to Scribd!

  • Lab 8 - User ID Controlled by Request Parameter With Data Leakage in Redirect

    Uploaded by

    DODOXD Mekheimer
    24 views3 pages
    The document describes a lab where a user is able to obtain another user's API key by manipulating the "id" parameter in a GET request. By changing the "id" field to another user's name, the response included that user's API key, allowing access without authorization. The key lesson is that user identifiers should not be included in requests in a way that enables data leakage or unauthorized access to other users' information.

    Original Description:

    Original Title

    Lab 8 - User ID controlled by request parameter with data leakage in redirect

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes a lab where a user is able to obtain another user's API key by manipulating the "id" parameter in a GET request. By changing the "id" field to another user's name, the response included that user's API key, allowing access without authorization. The key lesson is that user identifiers should not be included in requests in a way that enables data leakage or unauthorized access to other users' information.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    24 views3 pages

    Lab 8 - User ID Controlled by Request Parameter With Data Leakage in Redirect

    Uploaded by

    DODOXD Mekheimer
    The document describes a lab where a user is able to obtain another user's API key by manipulating the "id" parameter in a GET request. By changing the "id" field to another user's name, the response included that user's API key, allowing access without authorization. The key lesson is that user identifiers should not be included in requests in a way that enables data leakage or unauthorized access to other users' information.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Lab 8 - User ID controlled by request parameter with data leakage in

    redirect.
    Ahmed Khaled Saad Ali ID:1809799

    Lab Progress & Screenshots:


    Logged in as wiener.

    We see this GET request with “id” field, we send to the “Repeater”
    When we send request with “id=wiener”, we get his API key in the response.

    So, we will change “id” field to carlos, and we copy his API Key from response.

    Submit API Key.

    Lab Solved.
    Lessons:
    Don’t simply include identifiers of a user in when he sends a request.

    You might also like