We logged in as administrator and in the admin panel we were able to see that we can select and upgrade and downgrade any user to Standard and Administrator
We saved the request in Repeater, logged out as admin and logged in as wiener again and replaced the session cookie parameter and tried to upgrade the Carlos user to admin as wiener but got the response as Unauthorized:
We changed the request method to GET and were able to successfully upgrade the Carlos user to admin using the wiener account:
We logged in as admin again and confirmed that it worked as below:
We did the same thing as wiener and solved the lab as we upgraded to Administrator from our account (wiener)
