Access control - UID controlled by request parameter with data leakage in redirect
Objective: This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response. To solve the lab, obtain the API key for the user
carlos
and submit it as the solution. You can log in to your own account using the following credentials:wiener:peter
.
This post is licensed under CC BY 4.0 by the author.