1. Web Security Academy
  2. Business logic vulnerabilities
  3. Examples
  4. Lab

Lab: Weak isolation on dual-use endpoint

PRACTITIONER

This lab makes a flawed assumption about the user's privilege level based on their input. As a result, you can exploit the logic of its account management features to gain access to arbitrary users' accounts. To solve the lab, access the administrator account and delete Carlos.

You can access your own account using the following credentials: wiener:peter