Python3

Basic Insecure direct object references (IDOR) in cookie

Send JSON data to the application and exploit the poor role verification process to get the flag.

Hints

Hint #1

Pay attention to the json.loads() function. Your data must be written in JSON format with valid syntax.

Hint #2

Both JSON keys, user and role, must be present in your JSON data.

Hint #3

The payload template is: {"user":"...","role":"..."}

Solution


Payload:

{"user":"anything","role":"admin"}
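
Why that payload works, and one way to close the hole, as an added example that is not the challenge's own code. The function names, the constructed `SECRET_KEY` and the `payload.tag` cookie layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real service loads this from a secret store.
SECRET_KEY = b"constructed-demo-key"


def is_admin_vulnerable(cookie_value: str) -> bool:
    """Trusts whatever role the client wrote into the cookie."""
    data = json.loads(cookie_value)
    return data["role"] == "admin"


def _tag(payload: str) -> str:
    """HMAC-SHA256 over the serialised payload, hex encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, role: str) -> str:
    """Server side: serialise the session and append its integrity tag."""
    payload = json.dumps({"user": user, "role": role}, separators=(",", ":"))
    return f"{payload}.{_tag(payload)}"


def is_admin_hardened(cookie_value: str) -> bool:
    """Honour the role only if the tag proves the server issued the payload."""
    payload, sep, tag = cookie_value.rpartition(".")
    if not sep:
        return False  # no tag at all, e.g. a hand-written JSON cookie
    try:
        # Constant-time comparison on bytes, done before any parsing.
        if not hmac.compare_digest(_tag(payload).encode(), tag.encode()):
            return False
        data = json.loads(payload)
    except ValueError:  # bad JSON or un-encodable text
        return False
    return isinstance(data, dict) and data.get("role") == "admin"
```

Keeping the role in a server-side session record and storing only an opaque session ID in the cookie removes the client-held role entirely.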