Siunam's Website

My personal website

Home About Blog Writeups Projects E-Portfolio

Inconsistent security controls | Dec 19, 2022

Introduction

Welcome to my another writeup! In this Portswigger Labs lab, you’ll learn: Inconsistent security controls! Without further ado, let’s dive in.

Background

This lab’s flawed logic allows arbitrary users to access administrative functionality that should only be available to company employees. To solve the lab, access the admin panel and delete Carlos.

Exploitation

Home page:

Let’s register an account:

In here, we can see that the DontWannaCry company is using dontwannacry.com as the email domain.

Also, we can go to Email client to get a new email address:

Now we can register an account:

Let’s login as user attacker:

In here, we can try to go to the admin panel at /admin:

Hmm… It’s only available to DontWannaCry user.

Now, what if I change to email address to attacker@dontwannacry.com??

We successfully changed the email address to dontwannacry.com domain!

Can we access to the admin panel?

Yes we can! Let’s delete user carlos:

What we’ve learned:

  1. Inconsistent security controls