all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Access to admin account on Portswigger labs

Add to bookmarks
Nov. 16, 2023, 2:54 p.m. | /u/Different_Fun_4066

cybersecurity www.reddit.com

I solved several labs on portswigger, in which I was given admin credentials to explore admin actions and then leverage access control vulnerabilities to do admin actions while logged in as normal user. Question is, how would we typically be able to find ways to perform such actions in real world scenario, as we would not have access to admin account to explore those actions?


For reference, lab which provides admin account: https://portswigger.net/web-security/access-control/lab-method-based-access-control-can-be-circumvented

access access control account actions admin control credentials cybersecurity find labs normal portswigger question real scenario vulnerabilities world

Visit resource

More from www.reddit.com / cybersecurity

Privileged Identity Management (PIM): For Many, a False Sense of Security 4 hours ago | www.reddit.com
cybersecurity identity identity management management +4
Over 30% of Log4J apps use a vulnerable version of the library 5 hours ago | www.reddit.com
apps cybersecurity library log4j +2
2023 Ransomware Trends: Rising Ransom Payments Drive Higher Demand for Cyber Insurance - Socket 7 hours ago | www.reddit.com
cyber cyber insurance cybersecurity demand +10
Computer Security Architecture - *improving public awareness* 7 hours ago | www.reddit.com
architecture article awareness bracket +13
HHS Publishes Concept Paper Outlining Cybersecurity Strategy for Health Care Sector 8 hours ago | www.reddit.com
care concept cybersecurity cybersecurity strategy +5
Infostealer Credentials Compromise Password Managers, Posing Identity and Financial Theft Risks 8 hours ago | www.reddit.com
compromise credentials cybersecurity financial +8
HIGH ALERT ADVISORY: NEW PIKABOT SPAM RUN WITH ATTACHED HTML CODE (long but useful read) 9 hours ago | www.reddit.com
addresses advisory alert code +14
Vulnerability Management 9 hours ago | www.reddit.com
consulting cybersecurity device etc +14
EC-Council CEH 11 hours ago | www.reddit.com
amp analyst blue blue team +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Experienced Security Compliance - HITRUST

@ Gainwell Technologies | Any city, TX, US, 99999
View on infosec-jobs.com

24 x 7 Security Analyst

@ LRQA | Birmingham, GB, B37 7ES
View on infosec-jobs.com

Associate Information Security Governance - #catalystWSP

@ Singtel | Singapore, Singapore
View on infosec-jobs.com

Security Consulting and Risk Officer

@ Metrobank | Taguig, Philippines
View on infosec-jobs.com

Security Threat Analyst

@ Metrobank | Taguig, Philippines
View on infosec-jobs.com
View more jobs