Beating Up Admin
As mentioned in the methodology, beating up access control and authentication is usually the best place to start: a broken authorization check hands over admin functionality without any memory corruption or injection. Work through these PortSwigger labs, each of which shows a different way that auth can be broken (an admin page that is simply unlinked, a role stored in a client-controlled parameter, a user ID that can be swapped to read someone else's data, and a password reset that trusts the username sent with the reset form).
- https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality
- https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
- https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-password-disclosure
- https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-broken-logic
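The following is an added example, not code from the original page or from PortSwigger's labs. It models two of the flaws above in plain Python with no web framework (requests are dicts, and the session store, user table and session IDs are constructed for the example): a role check that trusts a client-controlled `Admin` cookie versus one that reads the role only from a server-side session, and a password-reset handler that trusts the `username` field of the form versus one that binds the reset to the user the token was issued for. The cookie and form field names are assumptions chosen to resemble the labs, not the labs' actual implementation.

```python
"""Added example (not from the original page or PortSwigger): two
access-control flaws from the labs above, each beside a hardened version.
No web framework; a request is a dict and the stores below are constructed."""
import hmac
import secrets

# --- "user role controlled by request parameter" -------------------------

def is_admin_vulnerable(request: dict) -> bool:
    """Trusts a cookie the client sets. Sending Admin=true escalates."""
    return request.get("cookies", {}).get("Admin") == "true"

# Constructed server-side session store: session id -> identity and role.
SESSIONS = {
    "s-wiener": {"user": "wiener", "role": "user"},
    "s-admin": {"user": "administrator", "role": "admin"},
}

def is_admin_fixed(request: dict) -> bool:
    """The role is looked up from the server-side session keyed by the
    session id; no other part of the request is consulted."""
    session_id = request.get("cookies", {}).get("session", "")
    sess = SESSIONS.get(session_id)
    return sess is not None and sess["role"] == "admin"

# --- "password reset broken logic" ---------------------------------------

# Constructed user table (username -> password) and token store
# (token -> username it was issued to).
USERS = {"wiener": "peter", "carlos": "montoya"}
RESET_TOKENS: dict = {}

def issue_reset_token(username: str) -> str:
    """Issue an unguessable, single-use token bound to one account."""
    token = secrets.token_urlsafe(16)
    RESET_TOKENS[token] = username
    return token

def reset_password_vulnerable(form: dict) -> bool:
    """Checks that *some* valid token is present, then sets the password
    of whichever username the form names. A token issued to wiener
    therefore resets carlos's password."""
    if form.get("temp-forgot-password-token") not in RESET_TOKENS:
        return False
    USERS[form["username"]] = form["new-password"]
    return True

def reset_password_fixed(form: dict) -> bool:
    """The account to reset is the one the token was issued for; the
    username in the form must match it, and the token is consumed."""
    token = form.get("temp-forgot-password-token", "")
    owner = RESET_TOKENS.get(token)
    if owner is None:
        return False
    if not hmac.compare_digest(owner, form.get("username", "")):
        return False
    RESET_TOKENS.pop(token)  # single use
    USERS[owner] = form["new-password"]
    return True

if __name__ == "__main__":
    print(is_admin_vulnerable({"cookies": {"Admin": "true"}}))        # True
    print(is_admin_fixed({"cookies": {"Admin": "true",
                                      "session": "s-wiener"}}))      # False
    t = issue_reset_token("wiener")
    print(reset_password_vulnerable({"temp-forgot-password-token": t,
                                     "username": "carlos",
                                     "new-password": "pwned"}))       # True
```

The fix in both cases is the same principle: the server decides who the caller is from state it controls (session store, token issuance record), and the request body is never allowed to name the identity it is acting on. When testing a real target, the corresponding check is to change the `Admin` cookie, the `username` field or the user ID parameter and see whether the response changes.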
For your assignment, submit anything you struggled with.