Simon McCabe

OSCP · OSWP · PWPP · PWPA · PAPA · EnCE · Linux+ · LPIC-1 · Network+ · Security+ · Pentest+ · eJPT · eWPT · BSc · PGCert

tanuki-bac2 Writeup

Platform: BugForge
Target: https://lab-1781997103349-x7p6o9.labs-app.bugforge.io/
Vulnerability classes: Broken Access Control

1. Register


Register for an account and log in. Once you're logged in, go to your profile area and you'll see a small form which we will update.

2. Exploiting broken access control


Capture the traffic in Burp (or whatever proxy you prefer) and change the endpoint to 'admin' instead of your own username. Change the data in the PUT request and send the traffic. The flag will be in the response.

A simple lab, but it shows how a simple mistake during development can lead to accounts being taken over with relative ease. Thanks for following along!
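The development mistake described above, seen from the server side as an added example (not the lab's code, which this writeup does not show): a profile handler that trusts the username in the request path, next to one that authorizes the write against the logged-in session and records denied attempts. The function names, the in-memory store, the `role` field, the editable-field list and the audit log format are all hypothetical.

```javascript
// Constructed in-memory user store standing in for the application's database.
function freshStore() {
  return new Map([
    ["admin", { username: "admin", role: "admin", email: "admin@example.test" }],
    ["alice", { username: "alice", role: "user", email: "alice@example.test" }],
  ]);
}

// Hypothetical list of fields a profile form may change; other keys are ignored.
const EDITABLE_FIELDS = ["email", "full_name"];

function applyUpdate(target, body) {
  for (const field of EDITABLE_FIELDS) {
    if (typeof body[field] === "string") target[field] = body[field];
  }
  return { status: 200, body: { ...target } };
}

// Vulnerable shape: the caller is authenticated, but the username taken from
// the URL path alone decides whose record is written.
function putProfileVulnerable(session, pathUsername, body, store) {
  if (!session) return { status: 401, body: { error: "login required" } };
  const target = store.get(pathUsername);
  if (!target) return { status: 404, body: { error: "not found" } };
  return applyUpdate(target, body);
}

// Hardened shape: the write is authorized against the session identity, with
// the role read from the server-side record rather than from the request.
function putProfileHardened(session, pathUsername, body, store, auditLog) {
  const caller = session ? store.get(session.username) : undefined;
  if (!caller) return { status: 401, body: { error: "login required" } };
  const isOwner = caller.username === pathUsername;
  if (!isOwner && caller.role !== "admin") {
    // Denied before any lookup of the target, so the response does not
    // reveal whether the other account exists.
    auditLog.push({ event: "profile_update_denied",
                    actor: caller.username, target: pathUsername });
    return { status: 403, body: { error: "forbidden" } };
  }
  const target = store.get(pathUsername);
  if (!target) return { status: 404, body: { error: "not found" } };
  return applyUpdate(target, body);
}
```

A run of `profile_update_denied` events from one actor against other usernames is a useful detection signal for this class of bug being probed.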

