
How to hack: USER ROLE CONTROLLED BY REQUEST PARAMETER - Burp Suite

#kali #burpsuite #learnkali #learnburpsuite #hacker #hacking
How to Solve: USER ROLE CONTROLLED BY REQUEST PARAMETER

Hit Like and Subscribe! Thank you!

Click: Access the lab

Set the browser's network settings to a manual proxy (127.0.0.1:8080) 0:04

Once the lab home page is on your screen, copy the URL and paste it into Burp's Target scope

Burp Proxy: HTTP history (refresh the Firefox browser so the request appears) 0:18

Burp Proxy: turn off the intercept, so the button reads "Intercept is off" 0:24

Go to: https://Your-Lab-Id.web-security-academy.net/admin/ 0:31
The page shows: Admin interface only available if logged in as an administrator
Log in via My Account with the credentials wiener / peter 0:37
Burp Proxy: turn on the intercept, so the button reads "Intercept is on"
Go back to your browser and press Enter

Change the first row on your Raw tab to: 2:28
GET /admin HTTP/1.1

Change row #3, the Cookie header, so it carries: 2:37
Admin=true

I also change the Referer header: https://your-lab-id/admin 2:40
Then click the Forward button

Turn the intercept back off: click "Intercept is on" until it changes to "Intercept is off"

Refresh the browser.

You should see the URL change to: https://your-lab-id.web-security-academy.net/my-account?id=wiener 2:55

You can also see the Admin panel link in the navigation (Home | Admin panel | My account)

Click: Delete on the carlos account 3:02
Response: Admin interface only available if logged in as an administrator

Back to your intercept.
Turn it back on.
Repeat the process:
Change the first row on your Raw tab to: 3:30
GET /admin HTTP/1.1

Change row #3, the Cookie header, so it carries: 3:20
Admin=true

I also change the Referer header: https://your-lab-id/admin 3:38
Then click the Forward button 3:43

Turn the intercept back off.
Click the Delete link on the carlos account.

When the lab is solved:
In my case, the URL looks like this: https://acd61fd71f84d389c0f71b4400ea000c.web-security-academy.net/admin/delete?username=carlos

Your case:
https://Your-Lab-Id.web-security-academy.net/admin/delete?username=carlos

Lab: Solved
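The lab is solvable because the server reads the user's role from the client-supplied Admin cookie. As an added example (not code from the video or from PortSwigger's lab), here is that broken check in Python beside a server-side version, using a constructed session store named SESSIONS and a small helper that flags requests claiming a role their session does not have:

```python
from http.cookies import SimpleCookie

# Constructed server-side session store (hypothetical): session id -> user and role.
# The role lives here, never in anything the client can edit.
SESSIONS = {
    "s3ss10n-wiener": {"user": "wiener", "role": "user"},
    "s3ss10n-admin": {"user": "administrator", "role": "admin"},
}

DENIED = "Admin interface only available if logged in as an administrator"


def parse_cookies(cookie_header):
    """Turn a raw Cookie request header into a {name: value} dict."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_vulnerable(cookie_header):
    """The lab's flaw: the role is read from a client-controlled cookie,
    so anyone who sets Admin=true in the request is treated as admin."""
    return parse_cookies(cookie_header).get("Admin") == "true"


def is_admin_fixed(cookie_header):
    """Hardened check: resolve the role from the server-side session and
    ignore any Admin cookie the client sends."""
    session = SESSIONS.get(parse_cookies(cookie_header).get("session", ""))
    return session is not None and session["role"] == "admin"


def tampered_role_claim(cookie_header):
    """Detection aid: True when the request claims Admin=true but the
    server-side session does not carry the admin role (worth logging)."""
    claimed = parse_cookies(cookie_header).get("Admin") == "true"
    return claimed and not is_admin_fixed(cookie_header)


def handle_delete(cookie_header, username, is_admin):
    """Minimal /admin/delete?username=... handler using the given check."""
    if not is_admin(cookie_header):
        return 401, DENIED
    return 200, "deleted " + username
```

With the vulnerable check, wiener's session plus Admin=true deletes the account; with the fixed check the same request is refused and tampered_role_claim reports it.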

Thank you for watching!

Video "How to hack: USER ROLE CONTROLLED BY REQUEST PARAMETER - Burp Suite" from the channel Fun Coder