Privilege Escalation

Never make access control decisions on the back of untrusted data. Either keep the session state on the server side, or ensure cookies are tamper-proof by using a digital signature or encryption.

Headers
  ▼ General
      Remote Address: 121.232.112.200:443
      Request Method: GET
      Status Code: 200 OK
  ▶ Request Headers
  ▼ Response Headers
      Set-Cookie: session_id=142983010
      Set-Cookie: user_id=1
The hacker Trix
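The response headers above set `user_id=1` as a bare cookie, which the client can rewrite freely. The following is an added example, not code from the original page, of making such a cookie tamper-evident with an HMAC; the names `SECRET_KEY`, `sign_cookie` and `verify_cookie` are hypothetical and the key is generated in place for the demo.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that is never sent to the client.
# Generated here for the demo; a real deployment loads it from protected config.
SECRET_KEY = secrets.token_bytes(32)


def _tag(name: str, value: str) -> str:
    # Bind the MAC to the cookie name so a signed value cannot be
    # replayed under a different cookie.
    msg = f"{name}={value}".encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def sign_cookie(name: str, value: str) -> str:
    """Return 'value.tag', the string to place in Set-Cookie."""
    return f"{value}.{_tag(name, value)}"


def verify_cookie(name: str, cookie: str):
    """Return the original value, or None if the cookie is unsigned or altered."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # bare value such as "1": no signature present
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), _tag(name, value).encode()):
        return None
    return value


if __name__ == "__main__":
    issued = sign_cookie("user_id", "2")        # constructed sample value
    print("Set-Cookie: user_id=" + issued)
    print("genuine ->", verify_cookie("user_id", issued))
    forged = "1." + issued.split(".", 1)[1]     # value edited, old tag kept
    print("edited  ->", verify_cookie("user_id", forged))
    print("bare    ->", verify_cookie("user_id", "1"))
```

A signature only detects modification; the value is still readable by the client, so anything confidential belongs in server-side session state or an encrypted cookie.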