1. Web Security Academy
  2. Access control
  3. Lab

Lab: Referer-based access control


This lab controls access to certain admin functionality based on the Referer header. You can familiarize yourself with the admin panel by logging in using administrator:admin.

To solve the lab, log in using wiener:peter and exploit the flawed access controls to promote yourself to become an administrator.