Access control 11 | Method-based access control can be circumvented

Save
5 days ago
Technology Education

Did we help you today? Show us your love here:
https://buymeacoffee.com/TORHAT
Paytm: https://tinyurl.com/TORHAT

Want us to train you for courses and certifications?
https://hmcyberacademy.com/learners.html

Want to hire us or our students for VAPT or SOC?
https://hmcyberacademy.com/companies.html

This video is for Educational purposes only.
https://portswigger.net/web-security/access-control
https://portswigger.net/web-security/access-control/lab-method-based-access-control-can-be-circumvented

Steps to solve:
1. Login to admin and upgrade carlos user.
2. Send that POST request to repeater.
3. Logout of admin user and login as wiener user. Capture the session cookie of wiener user.
4. Go to repeater and replace the session cookie of admin with the session cookie of wiener.
5. Right click the POST request in repeater, and click on "Change request method". Change that upgrade request parameters to username=wiener.
6. send the request.

Socials:
Whatsapp: https://chat.whatsapp.com/JEWGrpUOqXxGYZas9901Ib?mode=wwc
Linkedin: https://www.linkedin.com/company/hmcyberacademy
Twitter: https://twitter.com/hmcyberacademy
Telegram Group: https://t.me/+a9nwT9mdgeJhMDA1
Instagram: https://www.instagram.com/hmcyberacademy/
Discord: https://discord.com/invite/caMKZRBjty
Rumble: https://rumble.com/c/hmcyberacademy
Email: [email protected]

#hmcyberacademy #portswigger #Cybersecurity #EthicalHacking #HackingLab #SecurityChallenge #CTF (Capture The Flag) #Infosec #WebSecurity #CyberChallenge #BugBounty #CaptureTheFlag #HackingChallenge #HackMe #SecurityTraining #password #accesscontrol #DebugPage #bugbounty #bugbountyhunter #bugbountytips #bugbounty #bugbountyhunter #bugbountytips

Loading comments...