Beating Up Admin

As mentioned in the methodology, beating up access control and authentication is usually the best place to start. Check out these examples of ways that auth can be broken.

  1. https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality
  2. https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
  3. https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-password-disclosure
  4. https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-broken-logic

For your assignment, submit anything you struggled with.

Hoppers Roppers 2024            Date: 2024-02-25 22:05:39
