Broken Access Control & Session Management


Authentication and session management are core components of modern web applications.

Authentication means that access to our page is limited to authorized users. For example, we all use social media, which requires us to log in with a username and password; that mechanism is called authentication. Now, if there is a flaw in it and an attacker finds it, the attacker can access our sensitive information.

For example, consider a web app, test.php, that has two roles: admin and normal user. What if an attacker finds a flaw and, just by tampering with the URL, can access the admin page, which is then shown to that attacker?
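The scenario above as an added example, not code from the original article: a role check that trusts the URL next to one that trusts only server-side session state. The `role` query parameter and the session keys `user_id` and `role` are assumptions made for illustration, and the request data is passed in as plain arrays so the script runs from the command line.

```php
<?php
// Added example. The ?role= parameter and the session keys 'user_id' and
// 'role' are hypothetical; a real application defines its own.

// Vulnerable: the role is read from the URL, so the client chooses it.
function is_admin_vulnerable(array $query): bool
{
    return ($query['role'] ?? '') === 'admin';
}

// Hardened: the role comes only from session state the server set at login.
// Nothing from the URL takes part in the decision.
function is_admin_hardened(array $session): bool
{
    return isset($session['user_id'])
        && ($session['role'] ?? '') === 'admin';
}

// HTTP status for a request to the admin page, denying by default.
function admin_page_status(array $session): int
{
    if (!isset($session['user_id'])) {
        return 401; // no authenticated session
    }
    return is_admin_hardened($session) ? 200 : 403;
}

// Constructed sample: a logged-in normal user whose request URL carries
// role=admin, then an admin, then a visitor with no session.
$query       = ['role' => 'admin'];
$userSession = ['user_id' => 42, 'role' => 'user'];
$adminSession = ['user_id' => 1, 'role' => 'admin'];

echo 'URL-based check grants admin: ';
var_dump(is_admin_vulnerable($query));
echo 'Session-based check grants admin: ';
var_dump(is_admin_hardened($userSession));
echo 'Status for normal user: ', admin_page_status($userSession), PHP_EOL;
echo 'Status for admin: ', admin_page_status($adminSession), PHP_EOL;
echo 'Status without session: ', admin_page_status([]), PHP_EOL;
```

In a real page the session array would be `$_SESSION` after `session_start()`, and the status would be sent with `http_response_code()` before any admin content is rendered.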

Sanaullah Aman Korai