The broken access control vulnerability has not been fixed.

Test 1: Broken Access Control Vulnerability Not Fixed

Try logging in with username=alice and password=monkey1. Then try going to http://sandbox-hackedu.com/account/18 in the sandbox browser. Can you see the account information? Should you see the account information? What about http://sandbox-hackedu.com/account/19? Please review the Defense section of the lesson and try again.

Test2: Broken Access Control Vulnerability Not Fixed

Try logging in with username=bob and password=password. Then try going to http://sandbox-hackedu.com/account/18 in the sandbox browser. Can you see the account information? Should you see the account information? What about http://sandbox-hackedu.com/account/19? Please review the Defense section of the lesson and try again.

Test 3: Broken Access Control Vulnerability Not Fixed

Try logging in with username=bob and password=password. Then try going to http://sandbox-hackedu.com/account/18 in the sandbox browser. Can you see the account information? Should you see the account information? What about http://sandbox-hackedu.com/account/19? Did you solve for the specific case or the general case? Please review the Defense section of the lesson and try again.

Did this answer your question?