Portswigger Insecure Deserialization — Lab 1

Modifying serialized objects

In this lab we need to modify the session cookie which is using serialization through which we need to escalate our privileges to administrator user and then delete the carlos user

We can login with the credentials wiener:peter

After logging in we’ll see the session token

Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czo1OiJhZG1pbiI7YjowO30%3d

Which is base64 encoded, we can decode this, I used cyberchef

Now to understand the serialized cookie

O:4:"User":2:{s:8:"username";s:6:"wiener";s:5:"admin";b:0;}

• O:4 represents that User is a object of length 4, which has 2 attributes which are username and admin
• username is a string of length 8, which has the value wiener of length 6
• admin is a string with length 5 which has a boolean value which is represented by b having the value 0 which is false

So we need to make this value true with b:1

After refreshing the page we’ll see that we have access to admin panel

And we can delete carlos user and complete the lab