portswigger-all-labs

Complete PortSwigger Web Security Academy Lab Writeups

Detailed, categorized solutions for every lab — from APPRENTICE to EXPERT — covering all 30 vulnerability types.


Labs Covered

This write-up focuses on the following APPRENTICE-level lab from the PortSwigger Web Security Academy related to Insecure Deserialization:

1 Modifying serialized objects

This lab demonstrates how attackers can tamper with serialized data structures to manipulate application logic and potentially gain unauthorized access.

LAB 1 - Modifying serialized objects

Lab Description

[screenshot: lab description]

Solution

Before logging in, I inspect the session cookie, but no value is set for it:


After logging in, I receive the cookie:


I copy the cookie, URL-decode it, then Base64-decode it to obtain the serialized data it carries.


I change the 0 to 1 (in the serialized boolean, 0 is false and 1 is true) and Base64-encode the text again.


I paste the new Base64 string into the cookie and send the request; the response now tells us to navigate to /admin to reach the admin panel.


I navigate to the admin panel. To solve the lab we have to delete the user carlos, so I delete carlos.


Following the redirect, the response no longer shows the carlos user and the lab is solved.

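The steps above boil down to decoding a PHP-serialized cookie, flipping its `admin` boolean and re-encoding it. The following Python is an added example (not code from the writeup or from PortSwigger) that parses such a cookie, reproduces the flip, and shows the mitigation the lab implies but does not spell out: the server refusing to unserialize any cookie whose HMAC does not verify. The cookie value, the `User` object layout and the server secret are constructed for illustration; the real lab cookie is only visible in the screenshots.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import quote, unquote

# Constructed sample in PHP serialize() format, modelled on the lab's session
# cookie: a User object with a username and an admin boolean (b:0 = false).
GENUINE = 'O:4:"User":2:{s:8:"username";s:6:"wiener";s:5:"admin";b:0;}'
# Hypothetical server-side secret; a real deployment keeps this out of source.
SECRET = b"constructed-server-secret"

def parse_php_object(data: str) -> dict:
    """Parse a flat PHP-serialized object whose members are s:, b: or i: values."""
    m = re.match(r'O:\d+:"(\w+)":\d+:\{(.*)\}$', data)
    if not m:
        raise ValueError("not a PHP serialized object")
    vals = []
    # Member names and values alternate; strings here are assumed quote-free.
    for t in re.finditer(r's:\d+:"([^"]*)";|b:([01]);|i:(-?\d+);', m.group(2)):
        if t.lastindex == 1:
            vals.append(t.group(1))
        elif t.lastindex == 2:
            vals.append(t.group(2) == "1")
        else:
            vals.append(int(t.group(3)))
    return dict(zip(vals[0::2], vals[1::2]))

def encode_cookie(serialized: str) -> str:
    """Base64 then URL-encode, the layering the writeup unwraps in reverse."""
    return quote(base64.b64encode(serialized.encode()).decode(), safe="")

def decode_cookie(cookie: str) -> str:
    return base64.b64decode(unquote(cookie)).decode()

def flip_admin_flag(cookie: str) -> str:
    """Replay the writeup's edit: decode, change b:0 to b:1, re-encode."""
    return encode_cookie(decode_cookie(cookie).replace("b:0;", "b:1;"))

def sign(serialized: str) -> str:
    return hmac.new(SECRET, serialized.encode(), hashlib.sha256).hexdigest()

def issue_cookie(serialized: str) -> str:
    """Hardened issuance: append an HMAC over the serialized payload."""
    return encode_cookie(serialized + "|" + sign(serialized))

def verify_cookie(cookie: str):
    """Return the parsed object only if its MAC verifies; None means tampered."""
    data, _, tag = decode_cookie(cookie).rpartition("|")
    if not hmac.compare_digest(tag, sign(data)):
        return None
    return parse_php_object(data)
```

An unsigned cookie passed through `flip_admin_flag` parses with `admin` set to true, which is exactly what the lab's server trusts; the signed variant is rejected before any deserialization happens.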