Lab: Method-based access control can be circumvented

PRACTITIONER

This lab implements access controls based partly on the HTTP method of requests. You can familiarize yourself with the admin panel by logging in using administrator:admin.

To solve the lab, log in using wiener:peter and exploit the flawed access controls to promote yourself to become an administrator.
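
The flaw class named in the lab title, shown from the defender's side as an added example (not code from the lab or from the Web Security Academy): a restriction bound to one HTTP method beside one bound to the resource, plus a check that lists methods a handler accepts but no rule covers. The path, role names and rule format are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    path: str
    methods: frozenset      # empty set means "every method"
    required_role: str

# Hypothetical path and roles, constructed for this illustration.
# Weak: the restriction is attached to a single method.
WEAK_RULES = [Rule("/admin/change-role", frozenset({"POST"}), "admin")]
# Hardened: the restriction is attached to the resource itself.
HARDENED_RULES = [Rule("/admin/change-role", frozenset(), "admin")]

# Constructed sample: methods the application handler actually accepts.
HANDLERS = {"/admin/change-role": {"GET", "POST"}}

def is_allowed(rules, method, path, role, default_allow):
    """Evaluate a request against the policy; first matching rule decides."""
    for rule in rules:
        if rule.path == path and (not rule.methods or method.upper() in rule.methods):
            return role == rule.required_role
    return default_allow    # no rule matched this method/path pair

def method_gaps(rules, handlers):
    """Return (path, method) pairs that a handler accepts but no rule covers."""
    gaps = []
    for path, accepted in handlers.items():
        covered, covers_all = set(), False
        for rule in rules:
            if rule.path == path:
                covers_all = covers_all or not rule.methods
                covered |= rule.methods
        if not covers_all:
            gaps.extend((path, m) for m in sorted(accepted - covered))
    return gaps

if __name__ == "__main__":
    # Weak policy with allow-by-default: only the POST form is protected.
    for verb in ("POST", "GET"):
        print("weak", verb, is_allowed(WEAK_RULES, verb, "/admin/change-role", "user", True))
    # Hardened policy with deny-by-default: the verb no longer matters.
    for verb in ("POST", "GET"):
        print("hardened", verb, is_allowed(HARDENED_RULES, verb, "/admin/change-role", "user", False))
    print("uncovered:", method_gaps(WEAK_RULES, HANDLERS))
```

Running `method_gaps` over a real route table and policy file is a quick way to find restrictions that depend on the request method rather than on the resource.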