We logged in as administrator and in the admin panel we were able to see that we can select and upgrade and downgrade any user to Standard and Administrator
We replaced the session cookie with wiener’s one after logging in but failed to perform actions
We added the Referer header set to /admin and were able to then perform actions
We upgraded the wiener user to admin and were able to solve the lab
