Insecure deserialization can be a very critical vulnerability for a website. In this lab, we need to use credentials we already have to exploit an insecure deserialization vulnerability, escalate privileges and delete Carlos's account.
First, we log into our account and use Burp Suite to inspect the traffic. We can see a session cookie.
It is base64 encoded and once we decode it, we get some useful information. We can see that the admin attribute is 0, meaning we don't have that privilege.
We can send the request to Repeater and, using the Inspector, change the value to 1.
Then we can send the modified request to get access to the admin panel.
Once we are in, all we need to do is modify the request path to delete Carlos's account.
It is done and the lab is solved.
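As an added example (not part of the original write-up or the lab's own code), the Python below models the cookie handling behind this lab: a base64-encoded serialized session object the server trusts as-is, the edit described above, and a hardened version that appends an HMAC so an edited admin flag is rejected. The PHP-style serialized format, field names and secret key are assumptions.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample (format and key are assumptions): a flat PHP-style serialized User object.
SAMPLE_SESSION = 'O:4:"User":2:{s:8:"username";s:6:"wiener";s:5:"admin";b:0;}'
SECRET_KEY = b"server-side-secret-constructed-for-this-example"
_FIELD = re.compile(r's:\d+:"([^"]*)";(?:s:\d+:"([^"]*)"|b:([01])|i:(-?\d+));')  # one name;value pair

def parse_session(serialized: str) -> dict:
    """Read the fields of a flat PHP-style serialized object into a dict."""
    fields = {}
    for m in _FIELD.finditer(serialized):
        name, s_val, b_val, i_val = m.groups()
        if s_val is not None:
            fields[name] = s_val
        elif b_val is not None:
            fields[name] = b_val == "1"
        else:
            fields[name] = int(i_val)
    return fields

def make_unsigned_cookie(serialized: str) -> str:
    """How the lab's server issues the cookie: plain base64, no integrity check."""
    return base64.b64encode(serialized.encode()).decode()

def load_session_unsigned(cookie: str) -> dict:
    """Vulnerable handling: whatever the client sends is decoded and trusted as-is."""
    return parse_session(base64.b64decode(cookie).decode())

def make_signed_cookie(serialized: str, key: bytes = SECRET_KEY) -> str:
    """Hardened issuance: append an HMAC over the payload before base64 encoding."""
    tag = hmac.new(key, serialized.encode(), hashlib.sha256).hexdigest()
    return base64.b64encode(f"{serialized}|{tag}".encode()).decode()

def load_session_signed(cookie: str, key: bytes = SECRET_KEY):
    """Hardened handling: refuse any cookie whose payload does not match its HMAC."""
    payload, _, tag = base64.b64decode(cookie).decode().rpartition("|")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None  # payload edited after issuance, e.g. admin flipped to 1
    return parse_session(payload)

def flip_admin(cookie: str) -> str:
    """The edit the lab describes: decode, change admin b:0 to b:1, re-encode."""
    raw = base64.b64decode(cookie).decode().replace("b:0;", "b:1;")
    return base64.b64encode(raw.encode()).decode()
```

Signing only detects tampering; a server that keeps the admin flag out of the cookie entirely and looks it up by session id has nothing for the client to edit.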