Apprentice

In this section, we will focus on Access Control Vulnerabilities, which occur when users are able to access resources or perform actions for which they are not authorized. These vulnerabilities can expose sensitive data, allow unauthorized actions, or enable users to escalate their privileges within an application.

Throughout the exercises in this section, you will encounter various scenarios where proper access control is either absent or misconfigured. These exercises will help you understand the importance of properly securing admin functionalities, user roles, and sensitive information from unauthorized access.

The main objectives will include:

  • Exploiting unprotected admin functionalities: Identifying admin panels that are exposed without proper security measures.

  • Manipulating request parameters: Modifying parameters in requests to escalate privileges or access unauthorized resources.

  • Exploiting insecure direct object references (IDOR): Directly accessing sensitive resources (such as user data) by their identifier when the server does not check that the requester is entitled to them.

  • Dealing with data leakage and password disclosure: Identifying situations where sensitive information such as passwords or keys is improperly exposed.
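To make the first three flaw classes concrete, the following added example (not part of the lab page; all routes, names and data are constructed) shows each weak handler next to a hardened one that derives role and ownership from the server-side session instead of from request parameters:

```python
"""Added example: server-side authorization for the flaw classes listed above.
An admin action that trusts a client-supplied role, and a per-user record
lookup with an IDOR, each shown beside a version that checks the session.
All identifiers and data here are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed in-memory store: user id -> role and profile data.
USERS = {
    1: {"role": "admin", "email": "admin@example.test"},
    2: {"role": "user", "email": "wiener@example.test"},
    3: {"role": "user", "email": "carlos@example.test"},
}


@dataclass(frozen=True)
class Request:
    session_user: Optional[int]          # identity bound to the server-side session
    params: dict = field(default_factory=dict)  # everything the client can edit


class Forbidden(Exception):
    pass


def admin_delete_user_vulnerable(req: Request) -> str:
    """Weak: role comes from a client-controlled parameter, session is ignored."""
    if req.params.get("role") == "admin":
        return f"deleted {req.params['target']}"
    raise Forbidden("not admin")


def admin_delete_user_secure(req: Request) -> str:
    """Hardened: role is looked up server-side from the authenticated session."""
    if req.session_user is None or USERS[req.session_user]["role"] != "admin":
        raise Forbidden("not admin")
    return f"deleted {req.params['target']}"


def get_profile_vulnerable(req: Request) -> dict:
    """Weak (IDOR): returns whichever record id the client asks for."""
    return USERS[int(req.params["id"])]


def get_profile_secure(req: Request) -> dict:
    """Hardened: the requested id must belong to the caller, unless caller is admin."""
    if req.session_user is None:
        raise Forbidden("login required")
    target = int(req.params["id"])
    if target != req.session_user and USERS[req.session_user]["role"] != "admin":
        raise Forbidden("not your record")
    return USERS[target]
```

The point to take from the contrast is that every decision in the hardened handlers depends only on `session_user`, which the client cannot edit, while the weak ones trust `params`.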

By completing these exercises, you'll gain a deeper understanding of common access control flaws and how attackers can exploit them to gain unauthorized access or escalate their privileges.
