This post is a writeup of PortSwigger’s “user ID controlled by request parameter with password disclosure” lab, which is part of the Access Control lab grouping.
You’ll need a Portswigger Academy
This is a write-up of of PortSwigger Academy’s “user ID controlled by request parameter with data leakage in redirect” lab.
You’ll need a Portswigger Academy account before you get started. Log
This is a write-up of of PortSwigger Academy’s “user ID controlled by request parameter, with unpredictable user IDs” lab.
You’ll need a Portswigger Academy account before you get started. Log in
This post is a writeup of PortSwigger Academy’s “user ID controlled by request parameter” lab. You don’t necessarily need Burp Suite installed for this lab, but if you want to have
This is a walkthrough of PortSwigger Academy’s “user role can be modified in user profile” lab. You’ll need Burp Suite installed for this walkthrough (see instructions here).
You’ll also need