Nov. 16, 2023, 2:54 p.m. | /u/Different_Fun_4066


I solved several labs on portswigger, in which I was given admin credentials to explore admin actions and then leverage access control vulnerabilities to do admin actions while logged in as normal user. Question is, how would we typically be able to find ways to perform such actions in real world scenario, as we would not have access to admin account to explore those actions?

For reference, lab which provides admin account:

access access control account actions admin control credentials cybersecurity find labs normal portswigger question real scenario vulnerabilities world

Security Specialist

@ Protect Democracy | Remote, US

Experienced Security Compliance - HITRUST

@ Gainwell Technologies | Any city, TX, US, 99999

24 x 7 Security Analyst

@ LRQA | Birmingham, GB, B37 7ES

Associate Information Security Governance - #catalystWSP

@ Singtel | Singapore, Singapore

Security Consulting and Risk Officer

@ Metrobank | Taguig, Philippines

Security Threat Analyst

@ Metrobank | Taguig, Philippines