Training Target: This system uses numeric user IDs that may be vulnerable to IDOR attacks.
User Profile
User ID: 456
Username: alice_jones
Email: alice.jones@company.com
Role: Employee
Department: Marketing
Last Login: 2024-01-15 14:22:15
Account Status: Active
Access Level: Standard
Recent Activity
- Document access: project_specs.pdf
- Email sent to team@company.com
- Calendar event created: Team Meeting
Hunter Objective:
- The system loads user profiles based on the user_id parameter
- Try changing the user_id value in the URL (e.g., ?user_id=1, ?user_id=2)
- Look for administrative accounts with low numeric IDs
- Extract the system master key from the admin profile
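
The server-side check that closes the flaw this lab demonstrates, shown beside the vulnerable lookup. This is an added example, not the training platform's code. The record store, the names other than alice_jones, the "Administrator" role value, and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    username: str
    role: str  # "Employee" or "Administrator" (role names assumed)


# Constructed sample records; only ID 456 / alice_jones appears on the page.
USERS = {
    1: User(1, "admin_example", "Administrator"),
    456: User(456, "alice_jones", "Employee"),
    457: User(457, "bob_example", "Employee"),
}


class Forbidden(Exception):
    """Raised when the session user may not read the requested profile."""


def load_profile_vulnerable(requested_id: int) -> User:
    # Trusts the client-supplied user_id: any caller can read any profile.
    return USERS[requested_id]


def load_profile_checked(session_user_id: int, requested_id: int) -> User:
    # session_user_id must come from the authenticated session, never the URL.
    caller = USERS.get(session_user_id)
    target = USERS.get(requested_id)
    # Same error for "missing" and "not allowed" so valid IDs cannot be enumerated.
    if caller is None or target is None:
        raise Forbidden("profile not available")
    # Deny unless the caller owns the record or holds the administrative role.
    if caller.user_id != target.user_id and caller.role != "Administrator":
        raise Forbidden("profile not available")
    return target
```

Replacing sequential IDs with random identifiers only makes guessing harder; the ownership check above is what enforces access.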
Test Different User IDs:
Numeric IDOR vulnerability | Let's Jam Training Platform