Web Security Academy Labs 13

• Username enumeration via subtly different responses Nov 7, 2024
• Source code disclosure via backup files Aug 7, 2024
• Referer-based access control Jul 4, 2024
• User ID controlled by request parameter with data leakage in redirect Jul 3, 2024
• Remote code execution via web shell upload Jun 4, 2024
• User ID controlled by request parameter Jun 2, 2024
• SSRF attacks against other back-end systems May 29, 2024
• 2FA simple bypass May 27, 2024
• Username enumeration via different responses May 24, 2024
• User Role Controlled By Request Parameter May 24, 2024
• User ID controlled by request parameter, with unpredictable user IDs May 16, 2024
• Unprotected admin functionality With unpredictable URL May 15, 2024
• Unprotected admin functionality May 14, 2024