Challenge Name: Blue Inc.

Mohamed Samir
Sep 26, 2024


Blue Inc is a new social media website that's still under construction. It doesn't have registration yet, but if you are interested in seeing our website, you can log in with demo/demo.

Let's log in with the given credentials → demo / demo

It's just a simple profile.php page.

So I checked the page source of every URL in the nav bar, but found no comments from the developers. Sometimes you may find forgotten comments when a site is still under construction.

So let's try a simple SQL injection to see if there are any SQLi vulnerabilities!

/profile.php?user=demo

Let's try the simplest injection → /profile.php?user=demo'OR 1=1 --

So it's not working!

Let's try to change the user in the URL from demo to admin →

So let's check the request and response in Burp Suite.

In the request, user=demo and the cookie is demo.

So let's change both the user and the cookie to admin and see what happens :)

So the vulnerability that allows you to change the user parameter and the cookie from user=demo and cookie=demo to user=admin and cookie=admin, leading to unauthorized access to the admin account, is typically classified as an Insecure Direct Object Reference (IDOR) or as Broken Authentication and Session Management: the server takes the identity straight from client-controlled values instead of from a server-side session.

How It Works

  • User Input Manipulation: By using a tool like Burp Suite, you can intercept and modify the HTTP requests being sent to the server. Changing parameters like user and cookie directly manipulates what the server processes without appropriate checks.
  • Lack of Authorization Checks: If the server fails to validate whether the current user has permission to act as the specified user (in this case, an admin), it will allow the request to proceed, granting unauthorized access.
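To make the two points above concrete, here is an added example (not the challenge's own source, which we never see) contrasting a profile handler that trusts the client-supplied user parameter and cookie with one that resolves identity from a server-side session and authorizes the requested profile. The user table, profile text and admin password are constructed placeholders.

```python
import secrets
from typing import Dict, Optional

# Constructed user table; the only accounts seen in the challenge are demo and admin.
# The admin password is a placeholder, it is not given on the page.
USERS = {
    "demo": {"password": "demo", "role": "user"},
    "admin": {"password": "<admin-password-placeholder>", "role": "admin"},
}
PROFILES = {"demo": "demo's profile", "admin": "admin's profile (where the flag lives)"}

# Server-side session store: opaque token -> username. Only login() can populate it,
# so a client cannot forge an entry by editing a cookie.
SESSIONS: Dict[str, str] = {}


def login(username: str, password: str) -> Optional[str]:
    """Return an opaque session token on success; the cookie never carries the username."""
    user = USERS.get(username)
    if user is None or not secrets.compare_digest(user["password"], password):
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def profile_vulnerable(query_user: str, cookie_user: str) -> Optional[str]:
    """The behaviour the writeup describes: identity is read from client-controlled values.
    The cookie says who you are and ?user= says whose profile you get, with no link between
    the two and no check that the cookie was ever issued by the server."""
    if cookie_user in USERS:            # "logged in" check that trusts the cookie value
        return PROFILES.get(query_user)  # any profile can be requested by name
    return None


def profile_hardened(query_user: str, session_token: str) -> Optional[str]:
    """Identity comes from the server-side session; the ?user= value is then authorized."""
    current_user = SESSIONS.get(session_token)
    if current_user is None:
        return None  # unknown or forged token: treat as logged out
    if query_user != current_user and USERS[current_user]["role"] != "admin":
        return None  # a plain user may only view their own profile
    return PROFILES.get(query_user)
```

With the hardened handler, editing the cookie to `admin` yields no session at all, and editing only `?user=admin` while logged in as demo is refused by the authorization check.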

Conclusion:

This type of vulnerability highlights the importance of thorough security practices in web application development. Identifying and mitigating these vulnerabilities is crucial for maintaining the integrity and security of user accounts and sensitive data.

The flag is: 15716a249064f7e9684a816dcdb05282

Thank you for reading my solution, I hope to see you in the next challenge.

Written by Mohamed Samir

second-year Computer Science | Web PenTester | Offensive | Software Tester Trainee at @CLS Learning Solutions | CTF Player at THM | Top 4% on tryhackme
