Preview Image

User ID controlled by request parameter, with unpredictable user IDs

Laboratorio de Portswigger sobre Broken Access Control

04/12/2024 Portswigger Labs, Broken Access Control

Preview Image

User ID controlled by request parameter

Laboratorio de Portswigger sobre Broken Access Control

04/12/2024 Portswigger Labs, Broken Access Control

Preview Image

User role can be modified in user profile

Laboratorio de Portswigger sobre Broken Access Control

04/12/2024 Portswigger Labs, Broken Access Control

Preview Image

User role controlled by request parameter

Laboratorio de Portswigger sobre Broken Access Control

04/12/2024 Portswigger Labs, Broken Access Control

Preview Image

Unprotected admin functionality with unpredictable URL

Laboratorio de Portswigger sobre Broken Access Control

04/12/2024 Portswigger Labs, Broken Access Control

Preview Image

Unprotected admin functionality

Laboratorio de Portswigger sobre Broken Access Control

04/12/2024 Portswigger Labs, Broken Access Control

Preview Image

Information disclosure in version control history

Laboratorio de Portswigger sobre Information Disclosure

03/12/2024 Portswigger Labs, Information Disclosure

Preview Image

Authentication bypass via information disclosure

Laboratorio de Portswigger sobre Information Disclosure

03/12/2024 Portswigger Labs, Information Disclosure

Preview Image

Source code disclosure via backup files

Laboratorio de Portswigger sobre Information Disclosure

03/12/2024 Portswigger Labs, Information Disclosure

Preview Image

Information disclosure on debug page

Laboratorio de Portswigger sobre Information Disclosure

03/12/2024 Portswigger Labs, Information Disclosure