Inconsistent security controls | Dec 19, 2022
Introduction
Welcome to another one of my writeups! In this PortSwigger Labs lab, you’ll learn about inconsistent security controls. Without further ado, let’s dive in.
- Overall difficulty for me (From 1-10 stars): ★☆☆☆☆☆☆☆☆☆
Background
This lab’s flawed logic allows arbitrary users to access administrative functionality that should only be available to company employees. To solve the lab, access the admin panel and delete Carlos.
Exploitation
Home page:
Let’s register an account:
Here we can see that the DontWannaCry company uses dontwannacry.com as its email domain.
We can also go to the Email client to get a new email address:
- Our email: attacker@exploit-0ae0001703bbf4a6c0e86cfd01cb0052.exploit-server.net
Now we can register an account:
Let’s log in as user attacker:
Here, we can try to go to the admin panel at /admin:
Hmm… it’s only available to DontWannaCry users.
Now, what if we change the email address to attacker@dontwannacry.com?
We successfully changed the email address to the dontwannacry.com domain! The admin check only looks at the current email value, and the email-change function never verifies that we actually own the new address.
Can we access the admin panel?
Yes we can! Let’s delete user carlos:
What we’ve learned:
- Inconsistent security controls