Access Control Vulnerabilities
Video Walkthrough:
Writeups:
| Lab Name | Visit |
|---|---|
| Insecure direct object references | View |
| Method-based access control can be circumvented | View |
| Multi-step process with no access control on one step | View |
| Referer-based access control | View |
| URL-based access control can be circumvented | View |
| Unprotected admin functionality with unpredictable URL | View |
| Unprotected admin functionality | View |
| User ID controlled by request parameter with data leakage in redirect | View |
| User ID controlled by request parameter with password disclosure | View |
| User ID controlled by request parameter | View |
| User role can be modified in user profile | View |
| User role controlled by request parameter | View |
| User ID controlled by request parameter, with unpredictable user IDs | View |
13 items under this folder.