In this video, we cover Lab #7 of the Access Control Vulnerabilities module of the Web Security Academy. This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, we obtain the API key for the user carlos and submit it as the solution.
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:13 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:23 - Navigation to the exercise
01:59 - Understand the exercise and make notes about what is required to solve it
02:43 - Exploit the lab
22:20 - Summary
22:34 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-07/notes.txt
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-07/access-control-lab-07.py
Web Security Academy Exercise Link: https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter
Rana's Twitter account: https://twitter.com/rana__khalil
Broken Access Control - Lab #7 User ID controlled by request parameter | Long Version