📄️ Lab 1 - Unprotected Admin Functionality
Step-by-step PortSwigger lab walkthrough demonstrating broken access control where admin functionality is exposed without authentication. Learn how to discover hidden admin panels via robots.txt and exploit unprotected endpoints.
📄️ Lab 2 - Unprotected Admin Functionality with Unpredictable URL
Step-by-step PortSwigger lab walkthrough showing how to discover hidden admin panels through JavaScript source code analysis. Learn about broken access control when sensitive URLs are exposed in client-side code.
📄️ Lab 3 - User Role Controlled by Request Parameter
Step-by-step PortSwigger lab walkthrough demonstrating broken access control through cookie manipulation. Learn how to exploit admin role verification using forgeable cookies to gain unauthorized administrative access.
📄️ Lab 4 - User Role Can Be Modified in User Profile
Step-by-step PortSwigger lab walkthrough demonstrating broken access control through JSON parameter injection. Learn how to exploit insecure API responses that allow role modification via POST request manipulation.
📄️ Lab 5 - URL-Based Access Control Can Be Circumvented
Step-by-step PortSwigger lab walkthrough demonstrating how reverse proxy URL override headers like X-Original-URL can bypass URL-based access controls and reach admin functionality without authentication.
📄️ Lab 6 - Method-Based Access Control Can Be Circumvented
Step-by-step PortSwigger lab walkthrough showing how flawed method-based authorization allows privilege escalation. Learn to identify and exploit endpoints that incorrectly rely on HTTP methods (GET vs POST) for access control decisions.
📄️ Lab 7 - User ID Controlled by Request Parameter
Step-by-step PortSwigger lab walkthrough demonstrating horizontal privilege escalation through parameter tampering. Learn to exploit user ID parameters in URLs to access other users' sensitive data like API keys.
📄️ Lab 8 - User ID Controlled by Request Parameter with Unpredictable User IDs
Step-by-step PortSwigger lab walkthrough showing how to discover unpredictable user IDs through information disclosure in blog posts. Learn to perform horizontal privilege escalation by extracting user identifiers from public content.
📄️ Lab 9 - User ID Controlled by Request Parameter with Data Leakage in Redirect
Step-by-step PortSwigger lab walkthrough demonstrating horizontal privilege escalation through sensitive data exposed in HTTP redirect responses. Learn how to intercept and extract API keys from redirect response bodies.
📄️ Lab 10 - User ID Controlled by Request Parameter with Password Disclosure
Step-by-step PortSwigger lab walkthrough demonstrating horizontal privilege escalation through password disclosure in masked input fields. Learn to extract credentials via parameter tampering and escalate to administrator privileges.
📄️ Lab 11 - Insecure Direct Object References
Step-by-step PortSwigger lab walkthrough demonstrating IDOR vulnerability through sequential file enumeration. Learn to exploit predictable file identifiers in download URLs to access unauthorized user data and extract credentials.
📄️ Lab 12 - Multi-Step Process with No Access Control on One Step
Step-by-step PortSwigger lab walkthrough demonstrating broken access control in multi-step workflows. Learn how missing authorization checks on intermediate steps allow privilege escalation and account compromise.
📄️ Lab 13 - Referer-Based Access Control
Step-by-step PortSwigger lab walkthrough demonstrating broken access control through Referer header validation. Learn how flawed Referer-based authorization allows privilege escalation and administrator impersonation.