[Pentester Academy] Web Application Security Challenge 8

When I first opened the page there was no kind of login or authoriztion …so, i intercepted the request using Burp Proxy and found that one cookie with the field user id is thereand seem to be like base64 encoded so i decided to decode it.

 I found decode as MA== ,i decode it once more….

final value found to be 0 .So…i thought if 0 is the user_id value for the Guest …..why not try 1 as value….so i encoded 1 then again encoded the result and finally modified the request using burp proxy