Access Control
Lab:~# Referer-based access control
Guys👋 let’s go through this lab really quickly. Some websites base access controls on the Referer header submitted in the HTTP request. Because the Referer header is set by the client, it can be changed to any value, so it proves nothing about where a request really came from. This lab controls access to certain admin functionality based on the Referer header. Let’s solve the lab by exploiting the flawed access control to promote ourselves to administrator.
End Goals:~#
- Log in using the credentials wiener:peter and exploit the flawed access controls to promote yourself to become an administrator.
Testing For Vulnerabilities:~#
- Let’s familiarize ourselves with the admin panel by logging in with the administrator credentials and exploring all the functionality available to administrators.
- Using the admin panel, let’s promote Carlos and send the resulting HTTP request to Burp Repeater, then note the Referer header it carries (it points back at the admin panel).
- Open a private browser window or another browser, log in with normal user credentials, and copy its session cookie.
- In Burp Repeater, swap the admin session cookie for the normal user’s session cookie, leave the Referer header as it is, and promote yourself to admin by changing the value of the username parameter to your own username.
- We received a redirection and successfully solved the lab. Easy, right😂?
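To make the flaw concrete, here is an added example (not code from the lab or from this write-up) that contrasts a Referer-based authorization check with a server-side role check. The request shape, the session store, the hostname and the `username`/`action` parameter names are all constructed for the example.

```python
"""Added example (not from the PortSwigger lab or the original write-up):
why a Referer-based access check is unsafe and what a server-side role check
looks like. Requests are plain dicts standing in for HTTP requests; the
session store is an in-memory dict (both constructed for this example)."""

# Constructed session store: session cookie -> account (assumption).
SESSIONS = {
    "admin-session": {"username": "administrator", "role": "admin"},
    "wiener-session": {"username": "wiener", "role": "user"},
}

def referer_based_check(request):
    """Flawed control: grants the admin action if Referer points at /admin.
    The Referer header is fully client-controlled, so any logged-in user
    can send whatever value the check expects."""
    referer = request.get("headers", {}).get("Referer", "")
    return referer.startswith("https://example.com/admin")

def session_role_check(request):
    """Hardened control: resolve the session server-side and require the
    admin role, ignoring every request header."""
    cookie = request.get("cookies", {}).get("session")
    account = SESSIONS.get(cookie)
    return account is not None and account["role"] == "admin"

def upgrade_user(request, check):
    """Handle a role-upgrade request under the given authorization check.
    Returns (status_code, message); 302 mirrors the redirect seen in the lab."""
    if not check(request):
        return 401, "Unauthorized"
    target = request.get("params", {}).get("username")
    return 302, f"{target} promoted"

# Constructed request: a normal user's own session, but with a Referer
# header copied from a genuine admin request.
forged = {
    "headers": {"Referer": "https://example.com/admin"},
    "cookies": {"session": "wiener-session"},
    "params": {"username": "wiener", "action": "upgrade"},
}

if __name__ == "__main__":
    print(upgrade_user(forged, referer_based_check))  # (302, 'wiener promoted')
    print(upgrade_user(forged, session_role_check))   # (401, 'Unauthorized')
```

The same forged request is accepted by the Referer check and rejected by the session check; the fix is to derive authorization only from server-side state tied to the session.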
That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!