Exploit flaws in authorization logic that allow users to act outside their intended permissions.
Exploit an Insecure Direct Object Reference vulnerability to access other users' profile data.
Escalate from a regular user to admin by manipulating role parameters in API requests.
Access restricted files by manipulating the file path parameter in the download endpoint.