Lab 12: Multi-step process with no access control on one step

1. Executive Summary Vulnerability: Broken Access Control in Multi-Step Logic. Description: The application splits a sensitive action (promoting a user) into a multi-step workflow: Selection ->...

Dec 17, 2025 portswigger, access_control

Lab 11 : Insecure direct object references

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR) with Static File Enumeration. Description: The application saves sensitive user data (chat transcripts) to the server’s...

Dec 17, 2025 portswigger, access_control

Lab 10: User ID controlled by request parameter with password disclosure

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR) leading to Sensitive Data Exposure. Description: The application uses an insecure ID parameter to retrieve user profile...

Dec 17, 2025 portswigger, access_control

Lab 09: User ID controlled by request parameter with data leakage in redirect

1. Executive Summary Vulnerability: IDOR with Data Leakage in Redirect. Description: The application detects an authorization failure (e.g., User A trying to access User B’s data) and issues a 30...

Dec 17, 2025 portswigger, access_control

Lab 08: User ID controlled by request parameter, with unpredictable user IDs

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR) with GUIDs. Description: The application uses long, complex GUIDs (e.g., 59b3...) to identify users instead of sequentia...

Dec 17, 2025 portswigger, access_control

Lab 07: User ID controlled by request parameter

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR). Description: The application exposes a direct reference to an internal database object (the User ID) in the URL. When ...

Dec 17, 2025 portswigger, access_control

Lab 06: Method-based access control can be circumvented

1. Executive Summary Vulnerability: Method-Based Access Control Bypass. Description: The application implements access controls that are tightly coupled to specific HTTP methods (e.g., checking p...

Dec 16, 2025 portswigger, access_control

Lab 05: URL-based access control can be circumvented

1. Executive Summary Vulnerability: URL-based Access Control Bypass (HTTP Header Spoofing). Description: The application framework supports non-standard HTTP headers (specifically X-Original-URL)...

Dec 16, 2025 portswigger, access_control

Lab 04: User role can be modified in user profile

1. Executive Summary Vulnerability: Mass Assignment (also known as Over-Posting). Description: The application framework automatically binds (maps) incoming JSON data to internal object fields. Be...

Dec 16, 2025 portswigger, access_control

Lab 03: User role controlled by request parameter

1. Executive Summary Vulnerability: Broken Access Control (Parameter Tampering). Description: The application determines the user’s privilege level based on a cleartext HTTP cookie (Admin=false). ...

Dec 16, 2025 portswigger, access_control

Lab 12: Multi-step process with no access control on one step

Lab 11 : Insecure direct object references

Lab 10: User ID controlled by request parameter with password disclosure

Lab 09: User ID controlled by request parameter with data leakage in redirect

Lab 08: User ID controlled by request parameter, with unpredictable user IDs

Lab 07: User ID controlled by request parameter

Lab 06: Method-based access control can be circumvented

Lab 05: URL-based access control can be circumvented

Lab 04: User role can be modified in user profile

Lab 03: User role controlled by request parameter

Trending Tags