{"blog_url":"https://cysec148.hatenablog.com/","published":"2025-08-14 07:02:54","provider_name":"Hatena Blog","title":"LAB: Referer \u30d8\u30c3\u30c0\u30fc\u3092\u5229\u7528\u3057\u305f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306e\u56de\u907f","provider_url":"https://hatena.blog","version":"1.0","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","description":"Hello there, ('\u03c9')\u30ce \ud83c\udfaf \u30b4\u30fc\u30eb \u30e6\u30fc\u30b6\u30fc wiener \u3092\u7ba1\u7406\u8005\u306b\u6607\u683c\u3059\u308b Referer \u30d8\u30c3\u30c0\u30fc\u3092\u507d\u88c5\u3057\u3066\u7ba1\u7406\u8005\u5c02\u7528\u6a5f\u80fd\u3092\u5b9f\u884c \u624b\u9806 Step 1: \u7ba1\u7406\u8005\u3067\u901a\u5e38\u64cd\u4f5c\u3092\u78ba\u8a8d administrator:admin \u3067\u30ed\u30b0\u30a4\u30f3 /admin \u30d1\u30cd\u30eb\u3078\u30a2\u30af\u30bb\u30b9 \u30e6\u30fc\u30b6\u30fc carlos \u3092\u6607\u683c\u3055\u305b\u308b\u64cd\u4f5c\u3092\u884c\u3046 Burp Suite \u3067\u3053\u306e\u6607\u683c\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u3001Repeater\u306b\u9001\u4fe1 \u30ea\u30af\u30a8\u30b9\u30c8\u4f8b\uff1a GET /admin-roles?username=carlos&action=upgrade HTTP/1.1 Host: vulnerable-website.com \u2026","type":"rich","height":"190","blog_title":"Shikata Ga Nai","url":"https://cysec148.hatenablog.com/entry/2025/08/14/070254","width":"100%","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2025%2F08%2F14%2F070254\" title=\"LAB: Referer \u30d8\u30c3\u30c0\u30fc\u3092\u5229\u7528\u3057\u305f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306e\u56de\u907f - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","author_name":"ThisIsOne","image_url":null,"categories":["Web Security Academy","Access control"]}