This time we're greeted with an immediate "Access disallowed" message. It doesn't look like there's much we can do as far as user input, so let's take a look at it with BURP.
It looks like there's a "loggedin" cookie that's set to 0. I wonder what happens if we set it to 1?
That did it!
No comments:
Post a Comment