Digital garden

❯

❯

❯

access control vul

Folder: wargame/portswigger/access-control-vul

13 items under this folder.

Feb 04, 2026
Portswigger-Insecure direct object references
Feb 04, 2026
Portswigger-Method-based access control can be circumvented
Feb 04, 2026
Portswigger-Multi-step process with no access control on one step
Feb 04, 2026
Portswigger-Referer-based access control
Feb 04, 2026
Portswigger-URL-based access control can be circumvented
Feb 04, 2026
Portswigger-Unprotected admin functionality with unpredictable URL
Feb 04, 2026
Portswigger-Unprotected admin functionality
Feb 04, 2026
Portswigger-User ID controlled by request parameter with data leakage in redirect
Feb 04, 2026
Portswigger-User ID controlled by request parameter with password disclosure
Feb 04, 2026
Portswigger-User ID controlled by request parameter, with unpredictable user IDs
Feb 04, 2026
Portswigger-User ID controlled by request parameter
Feb 04, 2026
Portswigger-User role can be modified in user profile
Feb 04, 2026
Portswigger-User role controlled by request parameter

Created with Quartz v4.5.1 © 2026

Blog