Normally, a web application should identify a logged-in user by data that is stored on the server side in some kind of session storage. Howe...
![The Burp SessionAuth Extension for Detection of Possible Privilege Escalation Vulnerabilities](https://4.bp.blogspot.com/-6ORTywgPOkw/UgsSF3XCSyI/AAAAAAAAA28/WGu-4m0omlE/s72-c/Burp-SessionAuth-ScanIssues.png)