Ctrlk

Personal Website Github LinkedIn

Home
Blue Team Labs Online
bWAPP
Command Challenge
CryptoHack
CSAW 2023
CTFLearn
CyberDefenders
DVWA
Ethernaut
Exploit Education
Google CTF - Beginner's Quest
Hacker101
LetsDefend
Microcorruption
NetGarage IO
OverTheWire
PicoCTF
PortSwigger labs
- Client-side topics
- Server-side topics
Pwn College
pwanable.kr
Root Me
ROP Emporium
TryHackMe
Under The Wire
W3Challs
Websec.fr

Powered by GitBook

On this page

Was this helpful?

PortSwigger labs
Server-side topics

Access control

Unprotected admin functionality
Unprotected admin functionality with unpredictable URL
User role controlled by request parameter
User role can be modified in user profile
User ID controlled by request parameter
User ID controlled by request parameter, with unpredictable user IDs
User ID controlled by request parameter with data leakage in redirect
User ID controlled by request parameter with password disclosure
Insecure direct object references
URL-based access control can be circumvented
Method-based access control can be circumvented
Multi-step process with no access control on one step
Referer-based access control

Last updated 1 year ago

Was this helpful?