Access Control 13

• Referer-based access control Dec 5, 2024
• Multi-step process with no access control on one step Dec 5, 2024
• Method-based access control can be circumvented Dec 5, 2024
• URL-based access control can be circumvented Dec 5, 2024
• Insecure direct object references Dec 4, 2024
• User ID controlled by request parameter with password disclosure Dec 4, 2024
• User ID controlled by request parameter with data leakage in redirect Dec 4, 2024
• User ID controlled by request parameter, with unpredictable user IDs Dec 4, 2024
• User ID controlled by request parameter Dec 4, 2024
• User role can be modified in user profile Dec 4, 2024
• User role controlled by request parameter Dec 4, 2024
• Unprotected admin functionality with unpredictable URL Dec 4, 2024
• Unprotected admin functionality Dec 4, 2024