Referer-based access control
Laboratorio de Portswigger sobre Broken Access Control
Justice-Reaper
Multi-step process with no access control on one step
Laboratorio de Portswigger sobre Broken Access Control
Method-based access control can be circumvented
Laboratorio de Portswigger sobre Broken Access Control
URL-based access control can be circumvented
Laboratorio de Portswigger sobre Broken Access Control
Insecure direct object references
Laboratorio de Portswigger sobre Broken Access Control
User ID controlled by request parameter with password disclosure
Laboratorio de Portswigger sobre Broken Access Control
User ID controlled by request parameter with data leakage in redirect
Laboratorio de Portswigger sobre Broken Access Control
User ID controlled by request parameter, with unpredictable user IDs
Laboratorio de Portswigger sobre Broken Access Control
User ID controlled by request parameter
Laboratorio de Portswigger sobre Broken Access Control
User role can be modified in user profile
Laboratorio de Portswigger sobre Broken Access Control