
Lab: User role can be modified in user profile

APPRENTICE

This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2.

Solve the lab by accessing the admin panel and using it to delete the user carlos.

You can log in to your own account using wiener:peter.
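
The flaw named in the lab title, seen from the server side, as an added example that is not PortSwigger's code: a profile-update handler that merges every client-supplied field into the stored user record, next to one that allow-lists what a user may edit. Only roleid and the admin value 2 come from the lab text; the function names, the email field and the default role of 1 are assumptions.

```python
# Added illustration. Names other than "roleid" and the value 2 are assumptions.
ADMIN_ROLE_ID = 2              # from the lab description: /admin requires roleid 2
EDITABLE_FIELDS = {"email"}    # assumed: the only field users may change themselves


def new_user(name):
    # Assumed default: ordinary accounts start with roleid 1.
    return {"username": name, "email": f"{name}@example.test", "roleid": 1}


def update_profile_vulnerable(user, submitted):
    """Merge every submitted key into the record (mass assignment)."""
    user.update(submitted)     # roleid is overwritten if the client sends it
    return user


def update_profile_hardened(user, submitted):
    """Copy only allow-listed fields; reject the whole request otherwise."""
    unexpected = set(submitted) - EDITABLE_FIELDS
    if unexpected:
        # Rejecting (rather than silently dropping) makes the attempt visible
        # to whatever error logging or alerting wraps this handler.
        raise PermissionError(f"fields not editable by user: {sorted(unexpected)}")
    for field in submitted:
        user[field] = submitted[field]
    return user


def can_access_admin(user):
    # The role must come from the server-side record, never from the request.
    return user["roleid"] == ADMIN_ROLE_ID


def demo():
    body = {"email": "new@example.test", "roleid": 2}   # constructed request body
    weak = update_profile_vulnerable(new_user("wiener"), dict(body))
    strong = new_user("wiener")
    try:
        update_profile_hardened(strong, dict(body))
        rejected = False
    except PermissionError:
        rejected = True
    return can_access_admin(weak), can_access_admin(strong), rejected


if __name__ == "__main__":
    print(demo())
```

Role changes belong in a separate, admin-only code path; the self-service profile handler should never be able to write roleid at all.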
