Day13.md
Solve 4 access control labs on the PortSwigger labs and read blogs


1. Access Control Labs

-> In this lab the admin panel is at an unprotected path that is disclosed in /robots.txt. After navigating to /robots.txt we saw
   the admin panel directory.
-> In this lab the admin panel URL is disclosed in the source code. After ctrl+u we saw that URL in a JavaScript function.
-> In this lab the user role is controlled by a request parameter, i.e. when we try to access the /admin panel we see the request
   parameter 'Admin=false'; when we set 'Admin=true' we can access the /admin panel.
-> In this lab, when users log in with their credentials, there is a 'change-email' functionality. When we enter some value in it
   and send this request to the Burp Repeater, we see a '200 OK' response containing 'roleid=1'. Then we can simply add 'roleid=2'
   to the '/change-email' request.
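The third and fourth labs above share one root cause: the server trusts role information that arrives with the request ('Admin=true', 'roleid=2') instead of its own user record. The following is an added example written for these notes, not code from the PortSwigger labs; it sketches the defective 'change-email' handler beside a hardened one. The user store, the field names and the roleid mapping (1 = user, 2 = admin) are assumptions.

```python
from dataclasses import dataclass


@dataclass
class User:
    username: str
    email: str
    roleid: int  # assumed mapping: 1 = normal user, 2 = administrator


def make_users():
    """Constructed sample user store standing in for the server-side database."""
    return {"wiener": User("wiener", "wiener@example.com", 1)}


def change_email_vulnerable(users, session_user, body):
    """'Before' behaviour: every key in the request body is copied onto the
    user record, so a client can append roleid=2 to a change-email request."""
    user = users[session_user]
    for key, value in body.items():
        setattr(user, key, value)  # mass assignment of client-supplied fields
    return user


ALLOWED_FIELDS = {"email"}


def change_email_hardened(users, session_user, body):
    """'After' behaviour: only allow-listed fields are read from the body, the
    role is never taken from the request, and unexpected fields are rejected
    (rejecting, rather than silently dropping, also gives you a log signal)."""
    unexpected = set(body) - ALLOWED_FIELDS
    if unexpected:
        raise PermissionError(f"unexpected fields: {sorted(unexpected)}")
    if "email" not in body:
        raise ValueError("email is required")
    user = users[session_user]
    user.email = body["email"]
    return user


def is_admin(users, session_user, query_params):
    """Authorisation for /admin comes from the server-side record; the
    query string ('Admin=true') is deliberately ignored."""
    return users[session_user].roleid == 2
```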

2. Read Blog