⚠️ Training Target: This system uses numeric user IDs that may be vulnerable to IDOR attacks.
👤 User Profile
User ID: 789
Username: bob_smith
Email: bob.smith@company.com
Role: Employee
Department: Sales
Last Login: 2024-01-15 14:22:15
Account Status: Active
Access Level: Standard
Recent Activity
- Document access: project_specs.pdf
- Email sent to team@company.com
- Calendar event created: Team Meeting
🎯 Hunter Objective:
- The system loads user profiles based on the user_id parameter
- Try changing the user_id value in the URL (e.g., ?user_id=1, ?user_id=2)
- Look for administrative accounts with low numeric IDs
- Extract the system master key from the admin profile
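The fix for this class of bug is a server-side ownership check on every profile lookup. The following is an added example, not code from the training platform: it contrasts a lookup that trusts `user_id` with one that authorizes against the session user and records denials for detection. The `USERS` records, the `Administrator` role name, and all function names are assumptions made for illustration.

```python
# Constructed sample data; the record layout and role names are assumptions.
USERS = {
    1: {"username": "admin", "role": "Administrator"},
    789: {"username": "bob_smith", "role": "Employee"},
}

class Forbidden(Exception):
    """Raised when the session user may not read the requested profile."""

def get_profile_vulnerable(session_user_id, requested_user_id):
    # IDOR: the client-supplied ID is used directly; the session is never consulted.
    return USERS.get(int(requested_user_id))

def get_profile_hardened(session_user_id, requested_user_id, audit_log):
    try:
        target = int(requested_user_id)
    except (TypeError, ValueError):
        raise Forbidden("malformed user_id")
    requester = USERS.get(session_user_id)
    if requester is None:
        raise Forbidden("no valid session")
    # Object-level authorization: own profile, or an administrative role.
    allowed = target == session_user_id or requester["role"] == "Administrator"
    # One error for "not yours" and "does not exist", so replies do not
    # reveal which numeric IDs are in use.
    if not allowed or target not in USERS:
        audit_log.append(
            {"requester": session_user_id, "requested": target, "result": "denied"}
        )
        raise Forbidden("profile not available")
    return USERS[target]

def flag_enumeration(audit_log, threshold=3):
    """Return requesters denied on at least `threshold` distinct user IDs."""
    denied = {}
    for entry in audit_log:
        if entry["result"] == "denied":
            denied.setdefault(entry["requester"], set()).add(entry["requested"])
    return sorted(r for r, ids in denied.items() if len(ids) >= threshold)
```
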
🔧 Test Different User IDs:
🚨 Numeric IDOR vulnerability | Let's Jam Training Platform