β οΈ Training Target: This system uses hidden form fields that may be vulnerable to manipulation.
βΉοΈ Ready: Fill out the form above and submit to request employee data access.
π― Hunter Objective:
- The form contains hidden fields that determine access level
- Inspect the HTML source code to find hidden input fields
- Try modifying the
user_id hidden field value
- Use browser DevTools to edit form fields before submission
- Look for administrative accounts with low user IDs (like 1)
π§ Quick Test:
Right-click this page β "View Page Source" or press F12 β Elements tab to inspect the form and find hidden fields.
π¨ Hidden field IDOR vulnerability | Let's Jam Training Platform