Number 5 on the OWASP list. There are so many different vulnerabilities that can fall under this, but what we should know is the high-level meaning: basically, a person gets access to something they shouldn't. For example, a normal user can access an admin panel or something like that.

In some cases the URL has ?id=6, and if we change it to 7 we can still access the page, or something like that.

Attacks →

We can attack it by going to Customer Feedback, where we see a form like this with our name and other details already filled in:

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/7a372423-db74-42c8-9e87-2d403961693f/Untitled.png

If you inspect the element and look at the code, there is an input with the hidden attribute set on it. We can delete that attribute and see if we get something, and indeed we do.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2f96d295-acd7-4a6d-b2a8-42846bb52335/Untitled.png

Now we just remove it and boom, the id is showing:

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/d6d77815-d6d8-4bd4-938f-045517615839/Untitled.png

We can change it to another value, bypass access control, and post feedback in someone else's name or something like that.

Also, if we navigate to administrator, it shows us something for about a millisecond, which is also dangerous.
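The server-side view of the hidden id field and the ?id= case above, as an added example that is not code from the application in these notes: a handler that trusts the submitted id next to one that takes the author from the session. The field name `userId`, the function names and the sample accounts are assumptions made for illustration.

```javascript
// Added example with constructed data; all names here are hypothetical.
const users = new Map([ // constructed sample accounts
  [6, { id: 6, name: 'alice', role: 'customer' }],
  [7, { id: 7, name: 'bob', role: 'customer' }],
]);
const feedback = [];

// Vulnerable: the author id comes from the form, so un-hiding the input
// and editing it is enough to post as another user.
function postFeedbackVulnerable(session, body) {
  const entry = { userId: Number(body.userId), comment: String(body.comment) };
  feedback.push(entry);
  return { status: 201, entry };
}

// Hardened: the author is always the authenticated session user.
// A submitted id that disagrees with the session is rejected and recorded,
// because it is a useful tampering signal for detection.
function postFeedbackHardened(session, body) {
  if (!session || !users.has(session.userId)) return { status: 401 };
  if (body.userId !== undefined && Number(body.userId) !== session.userId) {
    return { status: 403, audit: `user ${session.userId} sent userId=${body.userId}` };
  }
  const entry = { userId: session.userId, comment: String(body.comment) };
  feedback.push(entry);
  return { status: 201, entry };
}

// The ?id=6 -> ?id=7 case: check ownership (or an admin role) on every
// object lookup. Missing and forbidden records get the same 404 so the
// response does not reveal which ids exist.
function getProfileHardened(session, query) {
  if (!session || !users.has(session.userId)) return { status: 401 };
  const caller = users.get(session.userId);
  const target = users.get(Number(query.id));
  if (!target || (target.id !== caller.id && caller.role !== 'admin')) {
    return { status: 404 };
  }
  return { status: 200, profile: { id: target.id, name: target.name } };
}
```

The same rule applies to the administrator page: hiding a route or a field in the browser is not a control, so the data behind it needs the role check on the server.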