Authorization 01
This exercise is one of our challenges on Authorisation issues
We access the deployed instance link and log in using the provided credentials. We then increment the id in /infos/{id} from 1 until we reach 3, where we see the KEY:
Authorization 02
Similar to lab 1, we are also granted the privilege to edit the content of user2.
Authorization 03
This lab covers a mistake commonly made by modern frameworks that store user details using the username as the file name, for example (user_1.json):
We access the challenge link and try checking for the key, but it's masked, so there is no way through. We then change the URL content to 1.json and see the user details in the JSON file:
Authorization 04
The challenge of this lab is to modify the object model from username to admin, so while creating a user we intercept the request and change the user object to admin.
Edited request:
Response:
Authorization 05
This challenge is similar to the previous one, but in this case we don't change the user from username to admin. Instead we attach an extra field, a dictionary entry, saying this user is an admin:
user[admin] = 1
We send this payload and get the following response:
Authorization 06
This challenge requires us to join an organization or company by modifying the user field. Along with the username and password, we are able to achieve it by adding the following:
user[organization_id] = 1
We use the above payload to join organization/company 1 while creating the new user.
Request payload:
Response payload:
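The extra fields in Authorization 05 and 06 are accepted because the server copies every submitted user[...] key onto the model. The Ruby sketch below is an added example, not code from the labs: the User struct, the function names and the permitted-key policy are assumptions, and the request hash is constructed sample data. It shows the vulnerable assignment beside an allowlisted one.

```ruby
# Constructed sample: parsed body of a sign-up request in the nested user[...]
# shape used above. The last two keys are the fields added in labs 05 and 06.
SIGNUP_PARAMS = {
  "user" => {
    "username" => "alice",
    "password" => "example-password",
    "admin" => "1",
    "organization_id" => "1"
  }
}.freeze

# Hypothetical model holding the attributes the labs mention.
User = Struct.new(:username, :password, :admin, :organization_id, keyword_init: true) do
  # Copies each key/value pair onto the record (password hashing omitted).
  def assign(attrs)
    attrs.each { |key, value| self[key.to_sym] = value }
    self
  end
end

# Vulnerable: every client-supplied key reaches the model, so the request
# decides the privilege flag and the organization membership.
def create_user_unsafe(params)
  User.new(admin: false).assign(params.fetch("user"))
end

# Assumed policy: a sign-up form may only set these attributes.
PERMITTED_SIGNUP_KEYS = %w[username password].freeze

# Hardened: only allowlisted keys are copied; privileged attributes are set
# server-side. Rejected keys are returned so they can be logged and alerted on.
def create_user_safe(params, organization_id: nil)
  submitted = params.fetch("user")
  rejected = submitted.keys - PERMITTED_SIGNUP_KEYS
  user = User.new(admin: false, organization_id: organization_id)
  user.assign(submitted.slice(*PERMITTED_SIGNUP_KEYS))
  [user, rejected]
end

unsafe = create_user_unsafe(SIGNUP_PARAMS)
safe, rejected = create_user_safe(SIGNUP_PARAMS)
puts "unsafe: admin=#{unsafe.admin.inspect} org=#{unsafe.organization_id.inspect}"
puts "safe:   admin=#{safe.admin.inspect} org=#{safe.organization_id.inspect}"
puts "rejected keys: #{rejected.inspect}"
```

A non-empty rejected list on a sign-up request is a useful detection signal, since a normal form never sends those keys.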