1. Web Security Academy
  2. Access control
  3. Lab

Lab: Multi-step process with no access control on one step


This lab has an admin panel with a flawed multi-step process for changing a user's role. You can familiarize yourself with the admin panel by logging in using administrator:admin.

To solve the lab, log in using wiener:peter and exploit the flawed access controls to promote yourself to become an administrator.