all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Access to admin account on Portswigger labs

Add to bookmarks
Nov. 16, 2023, 2:54 p.m. | /u/Different_Fun_4066

cybersecurity www.reddit.com

I solved several labs on portswigger, in which I was given admin credentials to explore admin actions and then leverage access control vulnerabilities to do admin actions while logged in as normal user. Question is, how would we typically be able to find ways to perform such actions in real world scenario, as we would not have access to admin account to explore those actions?


For reference, lab which provides admin account: https://portswigger.net/web-security/access-control/lab-method-based-access-control-can-be-circumvented

access access control account actions admin control credentials cybersecurity find labs normal portswigger question real scenario vulnerabilities world

Visit resource

More from www.reddit.com / cybersecurity

Why is Penetration Testing so hard to get into? 6 hours ago | www.reddit.com
can change check comments +12
Source: Military intelligence carries out cyberattack on Russia's 1C Company 6 hours ago | www.reddit.com
cyberattack cybersecurity intelligence military +1
How visible do you set your profile on LinkedIn? 6 hours ago | www.reddit.com
college computer computer science current +15
Is there currently a downturn in hiring? 7 hours ago | www.reddit.com
cybersecurity downturn hiring
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw 7 hours ago | www.reddit.com
critical cybersecurity flaw rce +3
SIEM install at home 8 hours ago | www.reddit.com
can cybersecurity home home network +10
OSINT Investigation into the LockBit Leader 8 hours ago | www.reddit.com
cybersecurity investigation leader lockbit +1
LockBit leader unmasked and sanctioned 11 hours ago | www.reddit.com
cybersecurity leader lockbit unmasked
SOC L3 feels like customer service 11 hours ago | www.reddit.com
alert alerts analyst connections +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Red Team Penetration Tester and Operator, Junior

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com

Director, Security Operations & Risk Management

@ Live Nation Entertainment | Toronto, ON
View on infosec-jobs.com

IT and Security Specialist APAC (F/M/D)

@ Flowdesk | Singapore, Singapore, Singapore
View on infosec-jobs.com

Senior Security Controls Assessor

@ Capgemini | Washington, DC, District of Columbia, United States; McLean, Virginia, United States
View on infosec-jobs.com

GRC Systems Solution Architect

@ Deloitte | Midrand, South Africa
View on infosec-jobs.com

Cybersecurity Subject Matter Expert (SME)

@ SMS Data Products Group, Inc. | Fort Belvoir, VA, United States
View on infosec-jobs.com
View more jobs