Access control - Lab : Unprotected admin functionality with unpredictable URL
Access control - Lab : User ID controlled by request parameter with data leakage in redirect
Access control - Lab : Unprotected admin functionality
Access control - Lab : User role controlled by request parameter
Access control - Lab: User role can be modified in user profile
Access control - Lab : URL-based access control can be circumvented