1. Web Security Academy
  2. Access control
  3. Lab

Lab: User ID controlled by request parameter with data leakage in redirect


This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response.

To solve the lab, obtain the API key for the user carlos and submit it as the solution.

You can access your own account using wiener:peter.