In this video, we cover Lab #4 in the Access Control Vulnerabilities module of the Web Security Academy. This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2. To solve the lab, we access the admin panel and use it to delete the user carlos.
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:14 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:25 - Navigation to the exercise
02:01 - Understand the exercise and make notes about what is required to solve it
02:44 - Exploit the lab
22:34 - Summary
22:49 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-04/notes.txt
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-04/access-control-lab-04.py
Web Security Academy Exercise Link: https://portswigger.net/web-security/access-control/lab-user-role-can-be-modified-in-user-profile
Rana's Twitter account: https://twitter.com/rana__khalil