Broken Access Control - Lab #9 UID controlled by param with data leakage in redirect | Long Version

In this video, we cover Lab #9 in the Access Control Vulnerabilities module of the Web Security Academy. This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response. To solve the lab, we obtain the API key for the user carlos and submit it as the solution.

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://bit.ly/30LWAtE

▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:15 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:25 - Navigation to the exercise
02:07 - Understand the exercise and make notes about what is required to solve it
03:13 - Exploit the lab
22:32 - Summary
22:45 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Secur...
Python script: https://github.com/rkhal101/Web-Secur...
Web Security Academy Exercise Link: https://portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil
