
Lab: Insecure direct object references


This lab stores user chat logs directly on the server's file system, and retrieves them using static URLs.

Solve the lab by finding the password for the user carlos, and logging into their account.
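The access-control flaw described above, shown from the server side next to a corrected design. This is an added example, not code from the lab or from PortSwigger; the file names, user names and the `download_vulnerable` and `TranscriptStore` names are hypothetical, and an in-memory dict stands in for the transcript files on disk.

```python
import secrets

# Constructed sample data standing in for transcript files on the file system.
FILES = {
    "chat-a.txt": "support chat for userA",
    "chat-b.txt": "support chat for userB",
}


def download_vulnerable(session_user, filename):
    """Static-URL behaviour: the file name in the request is the only lookup key.

    session_user is never consulted, so any caller can read any transcript.
    """
    body = FILES.get(filename)
    return (200, body) if body is not None else (404, None)


class TranscriptStore:
    """Corrected design: opaque identifiers plus an ownership check on every read."""

    def __init__(self):
        self._records = {}  # transcript id -> (owner, body)

    def save(self, owner, body):
        # Unguessable id; it is a reference only, never the authorization itself.
        tid = secrets.token_urlsafe(16)
        self._records[tid] = (owner, body)
        return tid

    def download(self, session_user, tid):
        record = self._records.get(tid)
        # Identical 404 for "no such id", "not logged in" and "not the owner",
        # so a response never confirms that another user's transcript exists.
        if record is None or session_user is None or record[0] != session_user:
            return (404, None)
        return (200, record[1])
```

The ownership comparison is what closes the hole; the random identifier only reduces guessability and would not be sufficient on its own.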
