Insecure deserialization - gachikuku/portswigger GitHub Wiki

Apprentice lab:
Modifying serialized objects

  • Solution

    1. Log in as wiener:peter.
    2. Check the cookie set from the website.
    3. URL decode it and then base64 decode it (base64 -d).
    4. Change the admin value from 0 to 1 (true).
    5. URL encode it and then base64 encode it.
    6. Use the modified cookie, refresh, and access the Admin panel to delete carlito.

Practitioner lab:
Modifying serialized data types

  • Solution

    1. Log in as wiener:peter.
    2. URL decode and base64 decode the cookie.
    3. Change the string value wiener to administrator and update the s length accordingly (echo -n 'word' | wc -m).
    4. Remember that s stands for string; change the type to integer and set the value to 0.
    5. URL encode and base64 encode it (echo -n 'string' | base64 | jq -rR @uri).
    6. Set it as a cookie.
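
Both labs work because the server trusts a serialized cookie that the client can decode, edit and re-encode. The following is an added example, not code from this wiki or from the labs: a Python sketch of the server-side check that makes such edits detectable, using an HMAC over the cookie body plus a strict check of each field's type tag. The secret, the field names, the sample object and the `body.mac` cookie layout are all assumptions made for the illustration.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote, unquote

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to the client
# Assumption: field names and the PHP type tag each value must carry.
EXPECTED_TYPES = {"username": "s", "admin": "b", "access_token": "s"}
# A string key followed by the type tag of its value, e.g. s:5:"admin";b:
FIELD = re.compile(r's:\d+:"([^"]+)";([a-zA-Z]):')
# Constructed sample object, not a real lab cookie.
SAMPLE = ('O:4:"User":3:{s:8:"username";s:6:"wiener";s:5:"admin";b:0;'
          's:12:"access_token";s:8:"c0ffee42";}')

def _mac(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue(serialized: str) -> str:
    """Cookie value = urlencode(base64(data) + "." + HMAC-SHA256 over the base64)."""
    body = base64.b64encode(serialized.encode()).decode()
    return quote(f"{body}.{_mac(body)}", safe="")

def verify(cookie: str) -> str:
    """Return the serialized data only if the MAC and the field types check out."""
    body, sep, tag = unquote(cookie).rpartition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _mac(body).encode()):
        raise ValueError("bad signature")
    serialized = base64.b64decode(body, validate=True).decode()
    if dict(FIELD.findall(serialized)) != EXPECTED_TYPES:
        raise ValueError("unexpected field types")
    return serialized

def replay_edit(cookie: str, old: str, new: str) -> str:
    """Decode, edit, re-encode as in the lab steps; the original MAC is kept."""
    body, _, tag = unquote(cookie).rpartition(".")
    edited = base64.b64decode(body).decode().replace(old, new)
    return quote(base64.b64encode(edited.encode()).decode() + "." + tag, safe="")

if __name__ == "__main__":
    cookie = issue(SAMPLE)
    print(verify(cookie) == SAMPLE)                 # untouched cookie is accepted
    for c in (replay_edit(cookie, "b:0", "b:1"),    # edited value, stale MAC
              issue(SAMPLE.replace('s:8:"c0ffee42"', "i:0"))):  # retyped field
        try:
            verify(c)
        except ValueError as err:
            print("rejected:", err)
```

The type check runs only after the MAC passes, so it acts as a second layer for the case where a correctly signed object still carries an integer where a string is expected.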