Request in Browser: Privilege Escalation Check

1. In Mutillidae, go back to the login page by clicking on the "Login/Register" link.

2. Log in to the Mutillidae application as an admin user.

3. If you do not know the admin credentials, log in using the SQL Injection attack. Enter the following text in both the username and password input fields:

' or 1 -- //

4. As an admin user, access some of the protected resources.

5. Log off from the admin account.

6. Log in as a non-admin user.

7. In Burp Suite, identify the request for the protected resource (the one you accessed while logged in as admin in step #4).

8. Right-click on the request and select Request in browser > In original session from the context menu. Copy the URL displayed in the dialog and paste it into a new browser window.

The protected web page will load with the permissions of the original user, i.e., as an admin, because the copied URL carries the session details that Burp captured in step #4.

9. Repeat step #4 (request the protected resource again, now while logged in as the non-admin user).

10. Right-click on the request and select Request in browser > In current browser session from the context menu. Copy the URL displayed in the dialog and paste it into a new browser window.

If the protected page loads successfully with the session details of the currently active non-admin user, then we have identified a privilege escalation issue: the resource is only checking that some session exists, not that the session belongs to an admin.
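The check above can also be run outside Burp. The following script is an added example written for this page, not code from Mutillidae or Burp Suite: it starts a small local HTTP server that serves a "protected" admin page, replays the same request once with the admin session cookie and once with the non-admin session cookie (the manual steps 4 to 10), and reports a privilege escalation when both succeed. The session tokens, paths and the `PHPSESSID` cookie name are constructed for the lab; `enforce_role=False` reproduces the broken authorization check the page describes (any logged-in session passes), and `enforce_role=True` shows the server-side fix.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen
from urllib.error import HTTPError

# Constructed server-side session table: cookie value -> role.
SESSIONS = {"admin-session-token": "admin", "user-session-token": "user"}
# Constructed protected resources: path -> role required to view it.
PROTECTED = {"/admin/users": "admin", "/account": "user"}


def make_handler(enforce_role: bool):
    """Build a request handler; enforce_role=False is the vulnerable variant."""

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the lab output quiet
            pass

        def do_GET(self):
            cookies = self.headers.get("Cookie", "")
            jar = dict(p.strip().split("=", 1) for p in cookies.split(";") if "=" in p)
            role = SESSIONS.get(jar.get("PHPSESSID"))  # cookie name assumed (PHP app)
            required = PROTECTED.get(self.path)
            if required is None:
                self.send_error(404)
                return
            if role is None:
                self.send_error(401)  # no valid session at all
                return
            # Vulnerable: any authenticated session is allowed through.
            # Hardened: the role stored server-side must satisfy the requirement.
            if enforce_role and required == "admin" and role != "admin":
                self.send_error(403)
                return
            body = f"protected page {self.path} served to role {role}".encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return Handler


def start_server(enforce_role: bool) -> HTTPServer:
    """Start the lab server on a random loopback port in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(enforce_role))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_status(base_url: str, path: str, session_token: str) -> int:
    """Replay a GET for `path` using the given session cookie; return the HTTP status."""
    req = Request(base_url + path, headers={"Cookie": f"PHPSESSID={session_token}"})
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.getcode()
    except HTTPError as err:
        return err.code


def check_privilege_escalation(base_url: str, path: str, admin_token: str, user_token: str) -> bool:
    """True when the admin-only resource also loads in the non-admin session."""
    in_original_session = fetch_status(base_url, path, admin_token)   # "In original session"
    in_current_session = fetch_status(base_url, path, user_token)     # "In current browser session"
    return in_original_session == 200 and in_current_session == 200


if __name__ == "__main__":
    for enforce in (False, True):
        srv = start_server(enforce)
        base = f"http://127.0.0.1:{srv.server_port}"
        found = check_privilege_escalation(base, "/admin/users",
                                           "admin-session-token", "user-session-token")
        print(f"enforce_role={enforce}: privilege escalation found = {found}")
        srv.shutdown()
```

Run it as-is; the first line reports the escalation against the vulnerable handler and the second shows it gone once the role check is enforced on the server. The same `check_privilege_escalation` call can be pointed at any URL once you substitute the two captured session cookies, which is what the Burp context-menu options do by hand.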
