
URL-based access control can be circumvented

Introduction

Hello guys, how are you all? Today we continue our series on access control vulnerabilities. This is our 10th article on access control vulnerabilities. In this article, I will cover the PortSwigger Web Security lab ‘URL-based access control can be circumvented’ and provide a complete step-by-step practical guide to solving it.

Lab Description Of URL-based access control can be circumvented


This lab has an admin panel at ‘/admin.’ The front-end system has been configured to block external users from that path, so only internal users can reach it. However, the back-end application it is built on supports the ‘X-Original-URL’ header. To solve this lab, we need to access the admin panel and delete Carlos’ account.

First, access the lab. You can also find the Admin panel in the lab’s menu.

When I click on the admin panel, you can see that it blocks me because I am an external user.


First, go to the home page and intercept its request. At the end of the request headers, add ‘X-Original-URL: /invalid.’


Now replace ‘/invalid’ with ‘/admin’ and forward the request. You will gain access to the admin panel.


Now, enter ‘/admin/delete,’ and the PortSwigger Web Security lab ‘URL-based access control can be circumvented’ will be solved.
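As an added example (not part of this write-up and not PortSwigger's lab code), the following Python model shows why the bypass works and how to close it. It simulates a front-end that filters only on the request path, a back-end that honours X-Original-URL, and the two fixes (strip override headers at the edge, or disable the override in the back-end), plus a small log check that flags requests carrying an override header that points at a different path than the request line. Every name here (`Request`, `handle`, `flag_override_headers`, `SAMPLE_LOG`) and the log line format are assumptions made for this illustration.

```python
"""Model of URL-based access control bypass via X-Original-URL, with mitigations.

Hypothetical code for illustration: it does not reproduce any real framework's
routing, only the trust relationship that makes the bypass possible.
"""
from dataclasses import dataclass, field

# Paths the front-end is supposed to keep away from external users.
BLOCKED_PREFIXES = ("/admin",)
# Headers some back-end frameworks treat as a replacement for the request path.
OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


def front_end_filter(req, strip_override_headers):
    """Front-end proxy: enforce access control on the request path only.

    Returns (status, request). status is 403 when blocked, None when passed on.
    With strip_override_headers=True the proxy also removes override headers,
    so the back-end can only ever see the path the proxy actually checked.
    """
    if req.path.startswith(BLOCKED_PREFIXES):
        return 403, req
    if strip_override_headers:
        clean = {k: v for k, v in req.headers.items()
                 if k.lower() not in OVERRIDE_HEADERS}
        req = Request(req.path, clean)
    return None, req


def back_end_route(req, honour_override):
    """Back-end: compute the effective path, optionally letting the header win."""
    effective = req.path
    if honour_override:
        for name, value in req.headers.items():
            if name.lower() == "x-original-url":
                effective = value
    return effective


def handle(req, strip_override_headers=False, honour_override=True):
    """Run a request through front-end then back-end; returns (status, served_path)."""
    status, req = front_end_filter(req, strip_override_headers)
    if status is not None:
        return status, None
    effective = back_end_route(req, honour_override)
    if effective.startswith(BLOCKED_PREFIXES):
        return 200, effective  # admin panel served: the front-end check was bypassed
    if effective == "/":
        return 200, effective
    return 404, effective


# Constructed access-log lines in the form "<method> <path> <header>=<value>" ("-" if none).
SAMPLE_LOG = [
    "GET / -",
    "GET / X-Original-URL=/admin",
    "GET /admin -",
    "GET / X-Rewrite-URL=/admin/delete",
]


def flag_override_headers(lines):
    """Return log lines where an override header names a path other than the one requested."""
    flagged = []
    for line in lines:
        _method, path, extra = line.split(" ", 2)
        if "=" in extra:
            name, value = extra.split("=", 1)
            if name.lower() in OVERRIDE_HEADERS and value != path:
                flagged.append(line)
    return flagged


if __name__ == "__main__":
    probe = Request("/", {"X-Original-URL": "/admin"})
    print("direct /admin:", handle(Request("/admin")))
    print("vulnerable back-end:", handle(probe))
    print("headers stripped at edge:", handle(probe, strip_override_headers=True))
    print("override disabled in back-end:", handle(probe, honour_override=False))
    print("flagged log lines:", flag_override_headers(SAMPLE_LOG))
```

The model makes the security point explicit: the front-end decides on `req.path`, but the vulnerable back-end decides on the header, so the two components are reasoning about different URLs. Either fix works alone, and applying both (strip at the edge, disable in the application) is the defence-in-depth option; the log check gives a simple signal for spotting probes like the one in this lab.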

You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.

To continue studying, check out the next lab, Method-Based Access Control Can Be Circumvented; finish the current lab before moving on to the next one. Good luck!

FAQs

What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always good practice to use an up-to-date browser and apply updates promptly. Keep your browser plugins up to date, avoid malicious websites and links, always enable two-factor authentication, and be aware of clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
