- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
How to bypass Access Control using Admin Privileges Stored in Cookies (PortSwigger Lab)
This video is part of a Web Application Security training series using PortSwigger Web Security Academy labs. In this episode, we examine an access control vulnerability caused by insecure use of cookies.
The lab demonstrates what can happen when an application stores authorization logic directly in client-side cookies, such as an admin=true or admin=false value, without proper server-side validation.
All demonstrations are performed in a controlled, authorized lab environment for educational purposes.
What this video covers:
What access control is and why it matters
How cookies are used in web applications
Why storing admin privileges in cookies is insecure
How improper authorization checks lead to privilege escalation
Lessons developers and security testers can learn from this issue
Key learning objectives:
Understanding broken access control vulnerabilities
Identifying insecure authorization mechanisms
Recognizing why client-side trust is dangerous
Improving secure design of authentication and authorization systems
This content is intended for:
Cybersecurity students
Ethical hackers
Penetration testers
Web developers learning secure coding practices
Lab Reference:
PortSwigger Web Security Academy – Access Control Labs:
https://portswigger.net/web-security/access-control
Disclaimer:
This video is for educational and defensive security purposes only. All demonstrations were conducted on an intentionally vulnerable application deployed in a lab environment with authorization. Do not attempt to test systems without permission.
#AccessControl #WebSecurity #PortSwigger #EthicalHacking #CyberSecurity #BrokenAccessControl #WebAppSecurity
Видео How to bypass Access Control using Admin Privileges Stored in Cookies (PortSwigger Lab) канала Hack with Elvis
The lab demonstrates what can happen when an application stores authorization logic directly in client-side cookies, such as an admin=true or admin=false value, without proper server-side validation.
All demonstrations are performed in a controlled, authorized lab environment for educational purposes.
What this video covers:
What access control is and why it matters
How cookies are used in web applications
Why storing admin privileges in cookies is insecure
How improper authorization checks lead to privilege escalation
Lessons developers and security testers can learn from this issue
Key learning objectives:
Understanding broken access control vulnerabilities
Identifying insecure authorization mechanisms
Recognizing why client-side trust is dangerous
Improving secure design of authentication and authorization systems
This content is intended for:
Cybersecurity students
Ethical hackers
Penetration testers
Web developers learning secure coding practices
Lab Reference:
PortSwigger Web Security Academy – Access Control Labs:
https://portswigger.net/web-security/access-control
Disclaimer:
This video is for educational and defensive security purposes only. All demonstrations were conducted on an intentionally vulnerable application deployed in a lab environment with authorization. Do not attempt to test systems without permission.
#AccessControl #WebSecurity #PortSwigger #EthicalHacking #CyberSecurity #BrokenAccessControl #WebAppSecurity
Видео How to bypass Access Control using Admin Privileges Stored in Cookies (PortSwigger Lab) канала Hack with Elvis
Комментарии отсутствуют
Информация о видео
29 декабря 2025 г. 12:54:01
00:03:41
Другие видео канала
Recon tips to make you a Pro | Hack with Elvis
I Passed the OSCP; Here’s What Nobody Tells You | Time with a Hacker
Hands-On Linux Fundamentals for Beginners | Learn Kali Linux Using Bandit Level 0 & 1
Hands-On Linux Fundamentals for Beginners 5 | Learn Kali Linux Using Bandit Level 8 to 10
Critical TelnetD RCE Vulnerability (CVE-2026-24061) #shorts #hacker
How to bypass Access Control via Hidden URLs in robots.txt - Portswigger Labs
How to Automate Kali Linux Setup with PimpMyKali | Pentesting Tools & Environment Setup
Finding the Cracks in WordPress | No easy 'Root'
Simple CTF TryHackMe Walkthrough | No easy 'Root'
How to bypass Authentication (Login) using SQL Injection Bypass - PortSwigger Lab Explained
Live Ethical Hacking Session: Web Security Issues in a Voting Application (Open Source)
Proving Grounds FunnyBoxEasy Walkthrough & How I Passed the OSCP Exam
How to Retrieve Hidden Data with SQL Injection — PortSwigger Web PenTest Lab (Step-by-Step)
How to bypass Access Control using Hidden Admin URLs Exposed in Source Code (PortSwigger Lab)
Hands-On Linux Fundamentals for Beginners 3 | Learn Kali Linux Using Bandit Level 4 & 5
LazyAdmin CTF TryHackMe Walkthrough | No easy 'Root' -
Wonderland CTF TryHackMe Walkthrough | No easy 'Root'
How Real Pentesters Think (CTF Demonstration) | Cybersecurity Podcast Ep. 2 Part 1
Hands-On Linux Fundamentals for Beginners 4 | Learn Kali Linux Using Bandit Level 6 & 7
How Real Pentesters Think (CTF Demonstration) | Cybersecurity Podcast Ep. 2 Part 2
