LAB 102 - Identifying Broken Object-Level Authorization Vulnerabilities


Course Details

Course Number: LAB 102

Course Duration: 5 minutes

Course CPE Credits: 0.1

Foreign Languages Available:

  • English

Course Overview

In this lab, while authenticated as an adversary, you will intercept the purchase request and replace the object ID of your own credit card with the object ID of someone else's card. A proper authorization check, if implemented, should prevent the purchase from completing: you should not be allowed to pay with a credit card that is not associated with your account.

This lab presents a challenge in the LetSee cyber range that exploits a Broken Object-Level Authorization (BOLA) vulnerability to charge a purchase to someone else's credit card. BOLA, listed as API1 in the OWASP API Security Top 10, occurs when an API-based application looks up an object by a client-supplied identifier without verifying that the authenticated caller is entitled to that object. Adversaries exploit such failures in the authorization logic of API-based applications by manipulating parameters such as object IDs sent in requests.
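The check the lab probes for, shown as an added example rather than code from the LetSee range or this course: a hypothetical purchase handler that trusts the client-supplied card ID, beside two hardened versions. The user IDs, card IDs, request body and in-memory card store are all constructed for illustration; the tampered body is what the adversary forwards after swapping their own card ID for the victim's.

```python
"""Hypothetical purchase endpoint illustrating Broken Object-Level
Authorization (BOLA). Added example; not code from the LetSee cyber range."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CreditCard:
    card_id: str
    owner_id: str
    last4: str


# Constructed sample data: two users, each with one stored card.
CARDS = {
    "card_1001": CreditCard("card_1001", "user_adversary", "4242"),
    "card_1002": CreditCard("card_1002", "user_victim", "9876"),
}

# Constructed intercepted request body: the adversary replaced their own
# card_id ("card_1001") with the victim's ("card_1002") before forwarding.
TAMPERED_BODY = {"card_id": "card_1002", "amount": 49.99}


class AuthorizationError(Exception):
    """Raised when the caller may not use the requested object."""


def _charge(card, amount):
    return {"charged_to": card.owner_id, "last4": card.last4, "amount": amount}


def purchase_vulnerable(current_user_id, body):
    """BOLA: the card is fetched purely by the client-supplied object ID.
    The authenticated identity is never compared with the card's owner, so
    any logged-in user can charge any card whose ID they can obtain."""
    card = CARDS.get(body["card_id"])
    if card is None:
        raise KeyError("unknown card")
    return _charge(card, body["amount"])


def purchase_fixed(current_user_id, body):
    """Hardened: same lookup, followed by an ownership check bound to the
    session identity (never to a user ID carried in the request body)."""
    card = CARDS.get(body["card_id"])
    # Same response for 'not found' and 'not yours' so the endpoint does not
    # confirm which card IDs exist.
    if card is None or card.owner_id != current_user_id:
        raise AuthorizationError("card not available to this account")
    return _charge(card, body["amount"])


def purchase_scoped(current_user_id, body):
    """Stronger pattern: scope the lookup itself to the caller's objects, so
    an object belonging to another user is unreachable by construction
    (the equivalent of WHERE owner_id = :session_user in a database query)."""
    my_cards = {c.card_id: c for c in CARDS.values() if c.owner_id == current_user_id}
    card = my_cards.get(body["card_id"])
    if card is None:
        raise AuthorizationError("card not available to this account")
    return _charge(card, body["amount"])


def demo(current_user_id="user_adversary", body=TAMPERED_BODY):
    """Run the tampered request through all three handlers and report
    who ends up paying, or that the request was rejected."""
    results = {"vulnerable": purchase_vulnerable(current_user_id, body)["charged_to"]}
    for name, handler in (("fixed", purchase_fixed), ("scoped", purchase_scoped)):
        try:
            results[name] = handler(current_user_id, body)["charged_to"]
        except AuthorizationError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

In the range, the observable difference is the same as in `demo()`: with the vulnerable handler the tampered request succeeds and the victim's card is charged; with an ownership check in place the server refuses the request, and the refusal should look identical to the response for a card ID that does not exist.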
