Nov. 16, 2023, 2:54 p.m. | /u/Different_Fun_4066

cybersecurity www.reddit.com

I solved several labs on PortSwigger, in which I was given admin credentials to explore admin actions and then leverage access control vulnerabilities to do admin actions while logged in as a normal user. The question is, how would we typically be able to find ways to perform such actions in a real-world scenario, as we would not have access to an admin account to explore those actions?


For reference, a lab which provides an admin account: https://portswigger.net/web-security/access-control/lab-method-based-access-control-can-be-circumvented
