User ID controlled by request parameter with password disclosure (Apprentice Level)

May 9, 2026
5:47

In this video, I demonstrate how to solve the User ID Controlled by Request Parameter with Password Disclosure lab from PortSwigger Web Security Academy. The lab combines Broken Access Control with sensitive data exposure: the application reads a user-controlled request parameter to decide which account's details to return, and it never checks that the requested account belongs to the authenticated user. Changing that parameter is enough to read other users' information. Here the impact is worse than a plain IDOR, because the account page includes the user's password in the response, so reading another profile yields that user's credentials and leads to full account compromise. In the walkthrough we open another user's profile, extract the disclosed password, and use it to log in as that user.

Topics covered in this video:
- Identifying sensitive data exposure in responses
- Exploiting privilege escalation
- Account takeover using disclosed credentials

This vulnerability falls under Broken Access Control and Sensitive Data Exposure, both of which are critical risks in the OWASP Top 10. The PortSwigger Web Security Academy labs provide hands-on practice with real-world web application security issues and help build penetration testing skills. This video is useful for application security engineers, penetration testers, bug bounty hunters, and anyone preparing for web security certifications or interviews.
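The two defects the lab combines, modelled as a small Python handler (an added example, not code from the video or from PortSwigger): `vulnerable_my_account` trusts the client-supplied `id` parameter and serialises the whole record, while `hardened_my_account` authorises against the session and returns only public fields; `leaked_secret_fields` is the kind of output check a test suite can run to catch the disclosure. All account data, field names and the `SECRET_FIELDS` list are constructed placeholders.

```python
# Added example (not from the video or PortSwigger): a minimal model of the
# lab's account endpoint with both defects, next to a hardened version.
from dataclasses import dataclass, asdict

SECRET_FIELDS = {"password", "password_hash", "reset_token"}  # assumed names

@dataclass
class User:
    id: str
    username: str
    email: str
    password: str   # constructed sample data; kept in clear only to model the lab

# Constructed sample accounts; ids, e-mails and passwords are placeholders.
USERS = {
    "u1": User("u1", "alice", "alice@example.test", "alice-password-placeholder"),
    "u2": User("u2", "bob", "bob@example.test", "bob-password-placeholder"),
}

def vulnerable_my_account(session_user_id: str, params: dict) -> dict:
    """Defect 1: trusts the client-supplied ?id= instead of the session.
    Defect 2: serialises the whole record, password included."""
    user = USERS[params["id"]]      # no comparison against session_user_id
    return asdict(user)             # the password travels in the response

def hardened_my_account(session_user_id: str, params: dict) -> dict:
    """Authorises against the session and returns only public fields."""
    requested = params.get("id", session_user_id)
    if requested != session_user_id:
        raise PermissionError("403 Forbidden: id does not match session user")
    user = USERS[session_user_id]
    return {"id": user.id, "username": user.username, "email": user.email}

def leaked_secret_fields(body) -> set:
    """Output check for a test suite or response filter: which secret-named
    keys appear anywhere in a response body (nested dicts/lists included)."""
    found = set()
    stack = [body]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            found |= SECRET_FIELDS & set(node)
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
    return found
```

Running `leaked_secret_fields` over every response in an integration test turns the lab's disclosure into a failing build instead of a finding.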
