4.5. Web: user role modification in profile (Web Security Academy)
rs who are logged in using Role ID 2. Therefore, we need to know what our permissions are on the site.
If we change the email of the user that we own, the request will be a POST, because it submits data to the server, and the response will therefore show which roleid the account has.
I have already changed my email address.
Indeed, when I changed the email, the response showed that the user wiener has "roleid": 1. If so, we can change this by sending the roleid along with the request to change the email, as follows:
We will take the request and send it to Repeater.
You will add the "roleid": 1, but instead of 1 you will make it 2, so that the user wiener has higher permissions.
After that, you will send the request.
Congratulations, you solved the lab!
Here we have reached the admin panel.
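The request above succeeds when the server applies every field of the JSON body to the user record. The following is an added example, not the lab's code: it puts such a handler beside one that only accepts an allowlisted field. The function names, the allowlist and the sample record are assumptions made for illustration.

```python
import json

# Constructed sample record modelled on the lab's user "wiener" (roleid 1).
def new_user():
    return {"username": "wiener", "email": "wiener@example.com", "roleid": 1}

# Constructed body: the email change with the extra roleid key described above.
TAMPERED_BODY = '{"email": "new@example.com", "roleid": 2}'

def change_email_vulnerable(user, raw_body):
    """Binds every JSON key onto the record, so the client can set roleid."""
    user.update(json.loads(raw_body))
    return user

# Hypothetical allowlist: the only field this endpoint is meant to change.
CLIENT_WRITABLE = {"email"}

class RejectedField(ValueError):
    pass

def change_email_hardened(user, raw_body):
    """Accepts only allowlisted keys and rejects the request otherwise."""
    data = json.loads(raw_body)
    if not isinstance(data, dict):
        raise RejectedField("body must be a JSON object")
    unexpected = sorted(set(data) - CLIENT_WRITABLE)
    if unexpected:
        # Reject rather than silently drop, so the attempt can be logged.
        raise RejectedField("unexpected fields: " + ", ".join(unexpected))
    email = data.get("email")
    if not isinstance(email, str) or "@" not in email:
        raise RejectedField("email must be a string containing '@'")
    user["email"] = email
    return user

def demo():
    """Returns (roleid after vulnerable handler, roleid after hardened one)."""
    weak = change_email_vulnerable(new_user(), TAMPERED_BODY)
    safe = new_user()
    try:
        change_email_hardened(safe, TAMPERED_BODY)
    except RejectedField:
        pass  # tampered request refused, record left untouched
    return weak["roleid"], safe["roleid"]

if __name__ == "__main__":
    print(demo())
```

The role should be derived from the server-side session when authorizing the admin panel, never from a value the client can submit.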
See you soon in other reports!
Abdelwahab_Shandy
AS_Cyber