Referer-based access control.md

1. Log in with admin credentials
2. Downgrade or upgrade any user;
3. Send the request from step 2 to repeater;

4. Login in with wiener and copy the session cookie; 5. Change the session cookie from step 3 to cookie copied from step 4;

Note, if you change the Referer header path to anything than /admin you cant resolve this lab ;)