OWASP Security Shepherd Project - Session Management Challenge 1 (Session Management Challenge)
Challenge
Solution
As always, let's check the HTTP request captured by BurpSuite. It seems that we have a checksum and three boolean parameters: adminDetected, returnPassword, upgradeUserToAdmin. At this point, the first thing that came to my mind was whether the checksum is base64 encoded, because the string ends with "==", which is the usual base64 padding. So let's go to the decoder tab of BurpSuite to validate our assumption.
Yes! Our assumption is correct. The checksum is actually the base64-encoded string "userRole=user". Now, let's change it to "userRole=admin" and base64-encode it again.
After encoding, we can put our new checksum back into the HTTP request. We may also want to toggle the boolean parameters.
The result...
Well, it seems that we have no luck this time. Let's look around and think through the whole process once again. OK! "Administrator Only Button"!! What if we change the string to "userRole=administrator"?
Great! We finished Challenge 1!
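An added example (not from the original writeup and not Security Shepherd's own code): it models the weak check this challenge is built on, a base64 "checksum" that carries the role with no integrity protection, beside an HMAC-signed token that rejects the same edit. The function names, the secret and the token layout are my assumptions for the demo.

```python
import base64
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# --- Weak scheme, as in the challenge: the "checksum" is just base64 text ---

def encode_checksum(role: str) -> str:
    """Build the challenge-style checksum: base64 of 'userRole=<role>'."""
    return base64.b64encode(f"userRole={role}".encode()).decode()

def role_from_unsigned_checksum(checksum: str) -> str:
    """Server-side check that trusts whatever the client base64-encoded."""
    decoded = base64.b64decode(checksum).decode()
    key, _, value = decoded.partition("=")
    if key != "userRole":
        raise ValueError("malformed checksum")
    return value  # any role the client wrote is accepted as-is

# --- Hardened scheme: bind the role to a server-side secret with an HMAC ---

SECRET = b"constructed-demo-secret-keep-this-server-side"  # assumption

def make_signed_token(role: str, secret: bytes = SECRET) -> str:
    """base64(payload || HMAC-SHA256(secret, payload)); only the server can mint it."""
    payload = f"userRole={role}".encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode()

def role_from_signed_token(token: str, secret: bytes = SECRET):
    """Return the role only if the tag matches; None for tampered or unsigned input."""
    raw = base64.b64decode(token)
    if len(raw) <= TAG_LEN:
        return None  # too short to contain a payload plus a full tag
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    key, _, value = payload.decode().partition("=")
    return value if key == "userRole" else None

if __name__ == "__main__":
    forged = encode_checksum("administrator")
    print("unsigned accepts:", role_from_unsigned_checksum(forged))
    print("signed accepts:  ", role_from_signed_token(forged))
    print("signed genuine:  ", role_from_signed_token(make_signed_token("user")))
```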
You are welcome to share your comments or questions :-)
Enjoy life!