Broken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL | Long Version

6,383 views

Rana Khalil


In this video, we cover Lab #2 in the Access Control Vulnerabilities module of the Web Security Academy. This lab has an unprotected admin panel. It's located at an unpredictable location, but the location is disclosed somewhere in the application. To solve the lab, we access the admin panel, and use it to delete the user carlos.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: bit.ly/30LWAtE
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:14 - Web Security Academy Course (bit.ly/30LWAtE)
01:25 - Navigation to the exercise
01:56 - Understand the exercise and make notes about what is required to solve it
02:30 - Exploit the lab
23:55 - Summary
24:06 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: github.com/rkhal101/Web-Secur...
Python script: github.com/rkhal101/Web-Secur...
Web Security Academy Exercise Link: portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil

Comments: 15
@RanaKhalil101 1 year ago
📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a Discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE
@scottspa74 1 year ago
Excellent stuff, here! Thank you for sharing 💯🔥💜.
@maakthon5551 1 year ago
Much appreciated!
@danielkot4959 1 year ago
Great Video, really like how you script the exploit.
@ahmedmouad344 1 year ago
Thank you so much
@hannahprobably5765 1 year ago
Huge thanks 🚩
@lipeletronica 1 year ago
Congratulations, great show. Do the course videos have subtitles? Otherwise it will be of great help if added.
@acronproject 11 months ago
Thanks
@Houssam1980 1 year ago
Great video
@aalekhmotani3877 1 year ago
The script is giving me a different path every time I run it, please help
@Davidgonzalez-tp4ew 1 year ago
🌄🌠 Thank you 🌠🌄🇨🇴🇨🇴
@_DataSets_ 6 months ago
What's the purpose of scripting the exploit? Programming intimidates me
@nishantdalvi9470 5 months ago
Hey, can we really find the name of the admin panel by peeping into the source code of the web page in real-world programs?
@_DataSets_ 5 months ago
@nishantdalvi9470 You can find it in some websites but you cannot access it. You rarely find something like this in real websites, but it's still worth it to give it a try 🤷‍♂️
@massylii 1 year ago
🇩🇿❤️