Broken Access Control - Lab #13 Referer-based access control | Long Version
In this video, we cover Lab #13 in the Access Control Vulnerabilities module of the Web Security Academy. This lab controls access to certain admin functionality based on the Referer header. You can familiarize yourself with the admin panel by logging in using the credentials administrator:admin. To solve the lab, we log in using the credentials wiener:peter and exploit the flawed access controls to promote ourselves to become an administrator.

Support Me
Buy my course: https://bit.ly/30LWAtE

Contents of this video
00:00 - Introduction
00:12 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:23 - Navigation to the exercise
01:53 - Understand the exercise and make notes about what is required to solve it
02:31 - Exploit the lab
15:04 - Summary
15:25 - Thank You

Links
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-13/notes.txt
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-13/access-control-lab-13.py
Web Security Academy Exercise Link: https://portswigger.net/web-security/access-control/lab-referer-based-access-control
Rana's Twitter account: https://twitter.com/rana__khalil