03 Lab: User role controlled by request parameter
Objective
This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie.
Solve the lab by accessing the admin panel and using it to delete the user carlos.
You can log in to your own account using the following credentials: wiener:peter
Solution
We explore the login flow.
We observe the parameter Admin=False. If we modify this value on every action we perform, we get the Administrator profile.
We delete the user, keeping the modification to the Admin=False parameter on that request as well.
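The flaw behind this lab, shown from the server side next to a corrected check. This is an added example, not code from the lab or the original page. The session store, the function names, the "administrator" account and the assumption that the application reads Admin=True as an administrator are all hypothetical.

```python
# Added example: every name here is hypothetical, sample values are constructed.
import secrets
from http.cookies import SimpleCookie

# Server-side session store: session id -> account record. The role lives
# here, never in anything the browser can edit.
SESSIONS = {}

def login(username, role):
    """Create a session and return the Cookie header the client sends back."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "role": role}
    # The Admin cookie is kept only to mirror the lab's behaviour.
    return f"session={sid}; Admin=False"

def parse_cookies(header):
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}

def is_admin_vulnerable(cookie_header):
    """Lab behaviour: trusts the client-supplied Admin cookie."""
    return parse_cookies(cookie_header).get("Admin", "").lower() == "true"

def is_admin_hardened(cookie_header):
    """Ignores the Admin cookie; resolves the role from the server-side session."""
    account = SESSIONS.get(parse_cookies(cookie_header).get("session", ""))
    return account is not None and account["role"] == "admin"

def client_claim_mismatch(cookie_header):
    """Detection hook: client claims admin but the session record disagrees."""
    return is_admin_vulnerable(cookie_header) and not is_admin_hardened(cookie_header)

def tampered(cookie_header):
    """Constructed sample: the same request with the Admin cookie edited client-side."""
    return cookie_header.replace("Admin=False", "Admin=True")

if __name__ == "__main__":
    wiener = login("wiener", "user")
    forged = tampered(wiener)
    print("vulnerable check, forged cookie:", is_admin_vulnerable(forged))
    print("hardened check, forged cookie:  ", is_admin_hardened(forged))
    print("flag for review:                ", client_claim_mismatch(forged))
```

Logging every request where client_claim_mismatch returns True gives a cheap signal that someone is editing the cookie, even after the authorization check itself has been fixed.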