Lab: Unprotected admin functionality
Lab: Unprotected admin functionality with unpredictable URL
Lab: User role controlled by request parameter
Lab: User role can be modified in user profile
Lab: User ID controlled by request parameter
Lab: User ID controlled by request parameter, with unpredictable user IDs
Lab: User ID controlled by request parameter with data leakage in redirect
Lab: User ID controlled by request parameter with password disclosure
Lab: Insecure direct object references
Lab: URL-based access control can be circumvented
Lab: Method-based access control can be circumvented