OWASP Security Shepherd Project - Session Management Challenge 1 (Session Management Challenge)

Challenge


Solution

As always, let's check the HTTP request captured by Burp Suite.


The request carries a checksum parameter and three boolean parameters: adminDetected, returnPassword and upgradeUserToAdmin. The first thing that came to mind was whether the checksum is base64 encoded: the string ends with "==", which is the typical base64 padding. So let's go to Burp Suite's Decoder tab to validate that assumption.


Yes! The assumption is correct: the "checksum" is simply the base64-encoded string "userRole=user". Now let's change it to "userRole=admin" and base64-encode it again.


After encoding, we put the new checksum back into the HTTP request. We may also want to toggle the boolean parameters.


    The result...


Well, no luck this time. Looking around and thinking through the whole process once again: the button is labelled "Administrator Only Button"! What if we change the string to "userRole=administrator"?


Great! Challenge 1 is done!
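The lesson of this challenge is that base64 is an encoding, not an integrity check: a "checksum" that is just base64 of userRole=... can be rewritten by anyone who holds it. The following Python, added here as an illustration and not code from the Security Shepherd project, reproduces the weak check described above next to a hardened version that binds the payload to a server-side HMAC-SHA256 key. The key, the token format and the helper names are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed demo key for this example; a real server loads it from secure
# configuration and never sends it to the client.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def unsigned_checksum(role: str) -> str:
    """Token format the walkthrough describes: base64 of 'userRole=<role>'."""
    return base64.b64encode(f"userRole={role}".encode()).decode()


def role_from_unsigned_checksum(checksum: str) -> str:
    """The weak server-side check: whatever role the client encoded is believed."""
    payload = base64.b64decode(checksum).decode()
    name, _, value = payload.partition("=")
    if name != "userRole":
        raise ValueError("unexpected payload")
    return value


def signed_token(role: str) -> str:
    """Hardened form: payload plus an HMAC-SHA256 over it under the server key."""
    payload = f"userRole={role}".encode()
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return base64.b64encode(payload).decode() + "." + mac


def role_from_signed_token(token: str):
    """Return the role only if the MAC verifies; any malformed or tampered token -> None."""
    try:
        encoded, mac = token.split(".", 1)
        payload = base64.b64decode(encoded, validate=True)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking where the comparison failed via timing.
    if not hmac.compare_digest(expected, mac):
        return None
    name, _, value = payload.decode(errors="replace").partition("=")
    return value if name == "userRole" else None


def swap_role(token: str, new_role: str) -> str:
    """Client-side edit as done in Burp's Decoder: re-encode the payload, keep the rest."""
    _head, sep, tail = token.partition(".")
    return base64.b64encode(f"userRole={new_role}".encode()).decode() + sep + tail


if __name__ == "__main__":
    weak = unsigned_checksum("user")
    print("unsigned, edited:", role_from_unsigned_checksum(swap_role(weak, "administrator")))
    strong = signed_token("user")
    print("signed, edited:", role_from_signed_token(swap_role(strong, "administrator")))
```

Run stand-alone, the first line shows the unsigned check happily returning "administrator", while the signed token edited the same way verifies as None because the MAC no longer matches the payload. The same reasoning applies to the three boolean parameters: any authorization decision driven by client-supplied values is the client's decision, so the role should live in a server-side session store (or at minimum be signed like this) and flags such as upgradeUserToAdmin should not be accepted from the request at all.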
