This lab demonstrates an example of broken access control. The web app only checks session credentials when the request uses POST, but not when the same action is requested with GET.
The lab is provided by PortSwigger and its title is "Method-based Access Control Can be Circumvented".
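The pattern the lab demonstrates, as an added example that is not code from the lab or the video: a minimal request handler that enforces the session check only on POST, shown beside a hardened version that authorizes before looking at the method. The path, session tokens and parameter names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed session store: only this token belongs to an administrator.
ADMIN_SESSIONS = {"sess-admin"}


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)


def is_admin(req: Request) -> bool:
    return req.cookies.get("session") in ADMIN_SESSIONS


def vulnerable_handler(req: Request):
    """Authorization is tied to the method: POST is checked, GET is not.

    Both branches fall through to the privileged action, so a GET with the
    same parameters reaches it without any session check."""
    if req.path != "/admin-roles":
        return 404, "not found"
    if req.method == "POST":
        if not is_admin(req):
            return 401, "unauthorized"
    elif req.method != "GET":
        return 405, "method not allowed"
    return 200, f"upgraded {req.params.get('username')}"


def hardened_handler(req: Request):
    """Authorize first, independent of method; then accept only POST.

    Rejecting the method after the session check means no verb can reach the
    action unauthenticated, and state-changing actions are not exposed on GET."""
    if req.path != "/admin-roles":
        return 404, "not found"
    if not is_admin(req):
        return 401, "unauthorized"
    if req.method != "POST":
        return 405, "method not allowed"
    return 200, f"upgraded {req.params.get('username')}"
```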
Support This Channel
======================
Please like and subscribe, it means a lot!
Please buy me a coffee so I can continue to make content.
https://buymeacoffee.com/zenshell
Join our Discord
https://discord.gg/yzpm7kSpgY
00:00 Intro
01:19 Exploring the Lab
02:14 Submitting User POST Request
03:12 Generating a Payload
05:00 Post Analysis