# Weak Cookies and Parameters

We should take a look at the requests to see what is going on and hwat we can do to manipulate cookies and other paramaters. This could be useful.&#x20;

#### Weak authentication

This seems to be an event system that allows us to message an administrator. We can easily create a new user via the `Register` link. Once registered and logged in, we are able to add a new log event under the `New Event Log` tab. However, when we try to submit the new event, the system prompts that "Only the admin can update the Event logs".

One interesting thing to notice is the presence of a `userLevel` cookie with the value `ZGVmYXVsdA%3D%3D`. Let's try to base64-decode the string:

```
kali@kali:~$ echo "ZGVmYXVsdA==" | base64 --decode
default
```

This decodes as `default`, which may refer to our access level. Let's try to update the `userLevel` cookie with a new value:

```
kali@kali:~$ echo -n admin | base64
YWRtaW4=
```

With this modification in place, we can now send messages.