- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
User ID controlled by request parameter with password disclosure | Lab-08 Bangla
In this video, I demonstrate how to exploit an Insecure Direct Object Reference (IDOR) vulnerability where the user ID is controlled by a request parameter and the application exposes a user’s password in the response.
By manipulating the id parameter, we bypass access controls and retrieve sensitive account information belonging to another user. The application fails to properly enforce server-side authorization and incorrectly exposes credentials in the response, leading to full account takeover.
Key concepts covered:
Broken Access Control (IDOR)
Horizontal Privilege Escalation
Sensitive Data Exposure
Password Disclosure Vulnerability
Account Takeover
Testing access control using Burp Suite
This lab demonstrates how improper authorization checks and insecure password handling can result in critical security vulnerabilities.
#IDOR
#BrokenAccessControl
#PasswordDisclosure
#SensitiveDataExposure
#WebSecurity
#BugBounty
#CyberSecurity
#EthicalHacking
#PortSwigger
#BurpSuite
#OWASP
#AccountTakeover
#SecurityTesting
#InfoSec
Видео User ID controlled by request parameter with password disclosure | Lab-08 Bangla канала Hacking Bangla
By manipulating the id parameter, we bypass access controls and retrieve sensitive account information belonging to another user. The application fails to properly enforce server-side authorization and incorrectly exposes credentials in the response, leading to full account takeover.
Key concepts covered:
Broken Access Control (IDOR)
Horizontal Privilege Escalation
Sensitive Data Exposure
Password Disclosure Vulnerability
Account Takeover
Testing access control using Burp Suite
This lab demonstrates how improper authorization checks and insecure password handling can result in critical security vulnerabilities.
#IDOR
#BrokenAccessControl
#PasswordDisclosure
#SensitiveDataExposure
#WebSecurity
#BugBounty
#CyberSecurity
#EthicalHacking
#PortSwigger
#BurpSuite
#OWASP
#AccountTakeover
#SecurityTesting
#InfoSec
Видео User ID controlled by request parameter with password disclosure | Lab-08 Bangla канала Hacking Bangla
Комментарии отсутствуют
Информация о видео
11 февраля 2026 г. 21:19:47
00:05:52
Другие видео канала
Password Reset Bug Exploit 😱 | Account Takeover Without Token | Bug Bounty Bangla lab-03
Mastering FFUF HTTP Options 🔥 | Complete Bangla Guide for CTF & Pentesting
Access Control Bypass Using HTTP Methods | Bug Bounty Technique Bangla Tutorial lab-11
SQL Injection in WHERE Clause | Retrieve Hidden Data | PortSwigger Lab-1 Walkthrough
VS Code এ Markdown File কিভাবে বানাবো | Beginner Guide | Markdown Tutorial Bangla
When Hearts Collide – Love at First Breach 2026 CTF | Bangla Tutorial
picoCTF Network Forensics | Ph4nt0m 1ntrud3r PCAP Analysis Explained
File Upload Vulnerability Exploit | .htaccess Blacklist Bypass Explained Bangla Lab-04
Reflected XSS into Attribute with Angle Brackets HTML Encoded | PortSwigger Lab-06 Solution Bangla
Multi-Step Access Control Bug Exploit 🔐 | Become Admin Without Permission (Burp Suite Lab-12)
How I Hacked Bounty Hacker Room | Full CTF Solution Bangla
Blind SSRF with Out-of-Band Detection | SSRF Explained | Web Security Lab-3 Walkthrough
picoCTF Forensics | Hidden in Plain Sight | Bangla Tutorial
এই একটা Command দিলেই শেষ! 😨 Kali Linux Dangerous Command
WHOIS Record Explained | Domain Reconnaissance for Pentesting | Bangla Tutorial
Blind OS Command Injection with Out-of-Band Interaction | PortSwigger Lab Walkthrough
Source Code Disclosure via Backup Files | Apprentice Lab | Bangla Tutorial
Basic SSRF against Another Back-End System | Lab-02 Solution
PicoCTF Unminify Walkthrough | Web Exploitation | Bangla Tutorial
SQL Injection Attack | Querying Database Type & Version on Oracle | PortSwigger Lab-03
Referer Header Exploit 🔓 | Become Admin Using Access Control Bypass (Burp Suite Lab)
