In this video, we cover Lab #1 in the Access Control Vulnerabilities module of the Web Security Academy. This lab has an unprotected admin panel. To solve the lab, we exploit the access control vulnerability to access the admin panel and delete the user carlos user.

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-01/notes.txt

Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/lab-01/access-control-lab-01.py

Web Security Academy Exercise Link: https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality

Rana's Twitter account: https://twitter.com/rana__khalil