Preview Image

User ID controlled by request parameter with password disclosure

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

User ID controlled by request parameter with data leakage in redirect

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

User ID controlled by request parameter, with unpredictable user IDs

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

User ID controlled by request parameter

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

User role can be modified in user profile

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

User role controlled by request parameter

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

Unprotected admin functionality with unpredictable URL

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

Unprotected admin functionality

Laboratorio de Portswigger sobre Broken Access Control

Dec 4, 2024 Portswigger Labs, Broken Access Control

Preview Image

Information disclosure in version control history

Laboratorio de Portswigger sobre Information Disclosure

Dec 3, 2024 Portswigger Labs, Information Disclosure

Preview Image

Authentication bypass via information disclosure

Laboratorio de Portswigger sobre Information Disclosure

Dec 3, 2024 Portswigger Labs, Information Disclosure