5. User ID controlled by request parameter with password disclosure

As in the previous lab, once logged in we can view other users' account information by
changing the id parameter in the request to the /my-account page. This time the account page also
discloses the user's password, and we are asked to delete the user "carlos" from the site.

We log in with the credentials we are given. Using the same IDOR, we request the administrator's
account page by setting id=administrator and read the administrator's password from the response.
We then log in as the administrator, open the /admin panel and delete "carlos" from the site.
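The flow above as a worked example, added here and not the lab's own code: a vulnerable account
handler that trusts the id parameter and echoes the password into the form's value attribute, the
hardened handler beside it, and a solve() routine that runs the lab's steps against either one. The
account data, the HTML layout of the password field, and the handler and route names are assumptions
for illustration; the lab's real pages may differ in detail.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample accounts; assumed for this example, not the lab's real data.
USERS = {
    "wiener": {"password": "peter", "role": "user"},
    "administrator": {"password": "admin-pw-from-example", "role": "admin"},
    "carlos": {"password": "montoya", "role": "user"},
}


def login(username, password):
    """Return the session's username on correct credentials, else None."""
    user = USERS.get(username)
    if user is not None and user["password"] == password:
        return username
    return None


def render_account(username, password=None):
    """Account page. The bug this lab exercises: the password is echoed into the
    form as a prefilled value. The browser masks the field, but the value is in
    the response body. password=None renders an empty field instead."""
    value = "" if password is None else html.escape(password, quote=True)
    return (
        f"<h1>My Account</h1><p>Your username is: {html.escape(username)}</p>"
        f'<form><input type="password" name="password" value="{value}"></form>'
    )


def my_account_vulnerable(session_user, url):
    """Trusts the id query parameter: any logged-in user can view any account."""
    if session_user is None:
        return 302, "Location: /login"
    qs = parse_qs(urlparse(url).query)
    target = qs.get("id", [session_user])[0]
    account = USERS.get(target)
    if account is None:
        return 404, "No such user"
    return 200, render_account(target, account["password"])


def my_account_fixed(session_user, url):
    """Binds the account to the session and never echoes the password."""
    if session_user is None:
        return 302, "Location: /login"
    qs = parse_qs(urlparse(url).query)
    target = qs.get("id", [session_user])[0]
    if target != session_user:
        return 403, "Forbidden"
    return 200, render_account(session_user)


def delete_user(session_user, target):
    """/admin delete action: only an admin session may delete, and only other accounts."""
    account = USERS.get(session_user)
    if account is None or account["role"] != "admin":
        return False
    if target == session_user or target not in USERS:
        return False
    del USERS[target]
    return True


PASSWORD_FIELD = re.compile(r'name="password" value="([^"]*)"')


def extract_password(body):
    """Pull the prefilled password out of the account page HTML (None if absent)."""
    m = PASSWORD_FIELD.search(body)
    return html.unescape(m.group(1)) if m else None


def solve(handler):
    """Run the lab's steps against a /my-account handler. Returns the recovered
    administrator password (None if the handler does not leak it) and whether
    carlos was deleted."""
    session = login("wiener", "peter")
    _, body = handler(session, "/my-account?id=administrator")
    admin_pw = extract_password(body)
    if not admin_pw:
        return None, False
    admin_session = login("administrator", admin_pw)
    return admin_pw, delete_user(admin_session, "carlos")


if __name__ == "__main__":
    print(solve(my_account_fixed))        # (None, False)
    print(solve(my_account_vulnerable))   # ('admin-pw-from-example', True)
```

The practical check this encodes: the password never needs to appear unmasked in the browser, so
read the raw response (view source or the proxy's response view) rather than the rendered form. The
fix is two separate changes, and both matter: resolve the account from the session instead of the
request parameter, and stop sending the stored password back to the client at all.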


Solution