1. Web Security Academy
  2. Access control
  3. Lab

Lab: User ID controlled by request parameter with data leakage in redirect

APPRENTICE

This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response.

To solve the lab, obtain the API key for the user carlos and submit it as the solution.

You can access you own account using wiener:peter.