Access Control Vulnerabilities in Sinhala | Portswigger Labs | Web Security
Author: Heshan Perera
Uploaded: 2025-10-09
Views: 29
Description:
This is a Sinhala-language walkthrough of PortSwigger Labs' Access Control challenges. I demonstrate common access-control vulnerabilities step-by-step, show how to identify and exploit them on web applications, and explain mitigation advice - all in Sinhala. Covered techniques include unprotected admin functionality, role- and parameter-based access control flaws, insecure direct object references (IDORs), referer/method/URL-based bypasses, multi-step process weaknesses, and other common bypasses.
🔗 Resources
Blog : https://blog.destinyoo.com/Writeups/P...
📌 Chapters / Timestamps
00:00 Intro
01:00 Unprotected admin functionality
02:38 Unprotected admin functionality with unpredictable URL
04:11 User role controlled by request parameter
05:54 User role can be modified in user profile
08:16 User ID controlled by request parameter
09:47 User ID controlled by request parameter, with unpredictable user IDs
11:51 User ID controlled by request parameter with data leakage in redirect
15:30 User ID controlled by request parameter with password disclosure
17:40 Insecure direct object references
19:56 Multi-step process with no access control on one step
25:17 Referer-based access control
27:50 Method-based access control can be circumvented
30:21 URL-based access control can be circumvented
💬 Join Heshan Streams WhatsApp Channel for live notifications and events :
https://bit.ly/heshanpererawhatsapp
☁️ Join the official Discord server :
https://bit.ly/heshanstreamsdiscord
🌎 Websites :
Main : https://destinyoo.com
Blog : https://blog.destinyoo.com
Portfolio : https://about.destinyoo.com
🎙️ Daily Streams and Content :
/ @heshankperera
Exercises and lab scenarios from PortSwigger Labs (portswigger.net). This video is for learning and awareness.
#cybersecurity #websecurity #portswiggerlabs