User ID controlled by request parameter with password disclosure
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-password-disclosure
Level: Apprentice
We need to retrieve a password like literally all the access control series.
If you complete the past labs, this lab is like the last we do.
Just change the id parameter to administrator or Carlos.
This time the in the response is filtering the password.
Log in as the user Administrator and complete the lab.
PreviousUser ID controlled by request parameter with data leakage in redirectNextInsecure Direct Object References (IDOR)
Last updated