1. Web Security Academy
  2. Access control
  3. Lab

Lab: User ID controlled by request parameter with password disclosure


This lab has an "Account Details" page for users that contains their existing password prefilled in a masked input.

To solve the lab, retrieve the administrator's password, then use it to delete carlos.

You can access your own account using wiener:peter.