User ID controlled by request parameter

In this post we walk through, step by step, how to solve the User ID controlled by request parameter lab on PortSwigger's Web Security Academy. The lab's difficulty is Apprentice and it is the fifth lab in the Access control section.

Link to lab: https://portswigger.net/web-security/access-control/lab-user-role-can-be-modified-in-user-profile

To start the lab, click the 'Access the lab' button. Burp Suite Community Edition is all we need to solve this lab; because the vulnerable parameter sits in the URL, editing the query string in the browser's address bar would also work.

Credentials are provided for the user wiener (the lab's standard low-privilege account, wiener:peter).

Navigating to the login page, we use the provided credentials to authenticate and log in.

Now that we are logged in, the My account page shows our API key and lets us update our email address.

Looking at the HTTP GET request for this page in Burp's Proxy history, we can see that our username is passed in the id URL parameter: GET /my-account?id=wiener. That is the tell: the client is telling the server whose account to render, instead of the server deriving it from the session.

Change id to carlos (in Repeater, or simply by editing the URL) and load the page.

The page now shows carlos as the username, along with his API key. The server authenticated us as wiener but never checked that the requested id matched our session, so the authorization check is missing entirely: a classic IDOR, i.e. horizontal privilege escalation.

We now have Carlos's API key and can submit it as the lab solution.
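To make the bug concrete, here is an added example (my own code, not the lab's and not PortSwigger's) that models the /my-account handler twice: once as the lab behaves, trusting the id parameter, and once hardened so the account comes from the session and a mismatching id is refused. The user table, session cookie and API key values are constructed for the example; the real lab issues different ones.

```python
"""IDOR on /my-account?id=...: the lab's vulnerable handler beside a hardened one.

Added example, not the lab's code. The user table, session store and API
keys below are constructed; the real lab issues different values.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Constructed data: in the lab you only know your own (wiener) credentials.
USERS = {
    "wiener": {"email": "wiener@normal-user.net", "api_key": "WIENER-KEY-0000"},
    "carlos": {"email": "carlos@carlos-montoya.net", "api_key": "CARLOS-KEY-1111"},
}
# session cookie -> authenticated username (constructed)
SESSIONS = {"sess-abc": "wiener"}


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def requested_id(url: str) -> Optional[str]:
    """Pull the id query parameter out of a request target such as /my-account?id=carlos."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("id", [None])[0]


def my_account_vulnerable(url: str, session_cookie: str) -> Response:
    """The lab's behaviour: authentication is checked, authorization is not.

    The handler trusts the id parameter to decide whose account to render,
    so any logged-in user can read any other user's API key.
    """
    if session_cookie not in SESSIONS:
        return Response(302)  # not logged in: redirect to /login
    uid = requested_id(url)
    if uid not in USERS:
        return Response(404)
    return Response(200, {"username": uid, **USERS[uid]})


def my_account_fixed(url: str, session_cookie: str) -> Response:
    """Hardened: the account to render comes from the session, never from the request.

    The id parameter is only compared against the session user so that a
    mismatch can be rejected (and logged) instead of silently honoured.
    """
    user = SESSIONS.get(session_cookie)
    if user is None:
        return Response(302)
    uid = requested_id(url)
    if uid is not None and uid != user:
        return Response(403)  # worth logging: this is an IDOR probe
    return Response(200, {"username": user, **USERS[user]})


def exploit(handler, own_user: str = "wiener", target: str = "carlos", cookie: str = "sess-abc"):
    """Replay the lab steps: view our own account, swap the id, return the leaked key (or None)."""
    own = handler(f"/my-account?id={own_user}", cookie)
    assert own.status == 200 and own.body["username"] == own_user
    other = handler(f"/my-account?id={target}", cookie)
    if other.status == 200 and other.body["username"] == target:
        return other.body["api_key"]
    return None


if __name__ == "__main__":
    print("vulnerable:", exploit(my_account_vulnerable))  # carlos's key leaks
    print("fixed:", exploit(my_account_fixed))            # None: request refused
```

The fix is not "validate the id better"; it is to stop using a client-supplied identifier to select the record at all. Keeping the parameter around only as a mismatch check gives you a cheap detection signal for people probing other users' ids.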

Submitting the API Key solves the lab!


That completes the lab! Well done! If you found this helpful, please send me a tweet and tell me what you thought! Feedback is always appreciated!

Jarrod