August 2018
Intermediate to advanced
404 pages
10h 22m
English
For this exercise, it is preferable that we know the passwords for both users, although we only really need to know the attacker's password in a real-life scenario.
Configure the browser to use Burp Suite as a proxy and do the following:

Notice that, in our example, the URL says users/7/account_settings. Could it be that that number 7 is a user ID?
Read now
Unlock full access