User ID Controlled by Request Parameter | Broken Access Control | PortSwigger Lab-05
In this video, I demonstrate how the User ID Controlled by Request Parameter vulnerability can be exploited, which is a classic case of Broken Access Control and Insecure Direct Object Reference (IDOR) as outlined in OWASP Top 10 (A01).
The application relies on a user-controlled request parameter (such as userId or uid) to identify which user’s data should be accessed. By modifying this parameter, an attacker can access or manipulate other users’ accounts and sensitive information without authorization.
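An added example (not code from the video or from the lab): a minimal Python sketch of the flaw described above beside a corrected check. The `Session` type, the `ACCOUNTS` store, the `AUDIT` list and the function names are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; names and values are illustrative only.
ACCOUNTS = {
    "alice": {"email": "alice@example.test", "api_key": "constructed-key-a"},
    "bob": {"email": "bob@example.test", "api_key": "constructed-key-b"},
}
AUDIT = []  # denied cross-account reads, kept for detection and review


@dataclass(frozen=True)
class Session:
    """Server-side session state (hypothetical type)."""
    user_id: str
    role: str = "user"  # "user" or "admin"


class Forbidden(Exception):
    pass


def get_account_vulnerable(session: Optional[Session], params: dict) -> dict:
    """Checks only that someone is logged in, then trusts params['userId']."""
    if session is None:
        raise Forbidden("login required")
    return ACCOUNTS[params["userId"]]


def get_account_hardened(session: Optional[Session], params: dict) -> dict:
    """Derives identity from the session; the parameter is only a request."""
    if session is None:
        raise Forbidden("login required")
    requested = params.get("userId", session.user_id)
    # Horizontal check: another user's record needs an explicit server-side role.
    if requested != session.user_id and session.role != "admin":
        AUDIT.append((session.user_id, requested))
        raise Forbidden("not your account")
    account = ACCOUNTS.get(requested)
    if account is None:
        # Same error as a denied read, so responses do not reveal valid ids.
        raise Forbidden("not your account")
    return account
```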
🔍 What you will learn:
- What Broken Access Control and IDOR are
- Why trusting user-controlled identifiers is dangerous
- How attackers manipulate request parameters to access other users’ data
- Horizontal and vertical privilege escalation
- Real-world impact of IDOR vulnerabilities
- Proper mitigation and secure access control practices
This lab is solved using the PortSwigger Web Security Academy, making it ideal for web security learners and bug bounty hunters.
⚠️ Disclaimer:
This video is for educational purposes only. Do not attempt these techniques on systems without proper authorization.
🔐 Vulnerability Category
- Broken Access Control (OWASP A01)
- Insecure Direct Object Reference (IDOR)
🧪 Lab Platform
PortSwigger Web Security Academy.
#BrokenAccessControl
#IDOR
#UserIDManipulation
#RequestParameter
#WebSecurity
#EthicalHacking
#PortSwigger
#OWASPTop10
#BugBounty
#CyberSecurity
#WebApplicationSecurity
#HackingLabs
Video "User ID Controlled by Request Parameter | Broken Access Control | PortSwigger Lab-05" from the channel Hacking Bangla
Video information
January 31, 2026, 20:39:05
00:02:52