Training Target: This system may leak information through timing differences and error messages.
Request Performance Metrics
Patient ID: 1
Query Time: 2847ms
Database Status: Connected
Server Load: Normal
Medical Staff Profile
ID: 1
Name: Dr. Administrator
Role: Chief Medical Officer
Department: Administration
License: MD-ADMIN-001
Access Level: Full System
Specialization: All Departments
Status: Active
Last Login: 2024-01-15 08:30:15
Administrative Medical Access
System Master Key:
FLAG{s1d3_ch4nn3l_l34k_2024}
Administrative Privileges:
- All patient records access
- System configuration
- Medical database queries
- Emergency override codes
Side-Channel Analysis: Notice the longer response time (2847ms) for admin accounts due to additional permission checks and audit logging.
Hunter Objective:
- Pay attention to response times and error message differences
- Fast responses (~89ms) = ID doesn't exist
- Medium responses (~1456ms) = Valid patient, accessible
- Slow responses (~2198ms) = Valid patient, access denied
- Very slow responses (~2847ms) = Admin account with extra logging
- Use timing patterns to identify valid IDs, then find admin accounts
Test Different Patient IDs:
Response Time Patterns
Timing Analysis Guide:
~89ms - Non-existent ID (immediate rejection)
~1456ms - Valid patient (standard database query)
~2198ms - Restricted patient (security checks)
~2847ms - Admin account (audit logging + permissions)
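As an added defender-side example (not code from the training platform), the four timing buckets above are simulated in a vulnerable lookup and placed beside a hardened version that returns one generic response for absent and denied IDs, queues audit logging off the request path, and pads every response to a fixed floor. The patient records, sleep durations and the `MIN_RESPONSE_S` floor are constructed assumptions.

```python
import time
from collections import deque

# Constructed stand-in for the training target's patient table (not real data).
PATIENTS = {
    1: {"name": "Dr. Administrator", "role": "admin", "restricted": False},
    2: {"name": "Patient Two", "role": "patient", "restricted": False},
    3: {"name": "Patient Three", "role": "patient", "restricted": True},
}
AUDIT_QUEUE = deque()       # audit events drained by a worker, not on the request path
MIN_RESPONSE_S = 0.040      # assumed floor; must exceed the slowest legitimate path


def vulnerable_lookup(patient_id, caller_role="patient"):
    """Mirrors the page's timing buckets: work and message depend on the record."""
    record = PATIENTS.get(patient_id)
    if record is None:
        return 404, "Patient ID does not exist"            # immediate rejection
    time.sleep(0.010)                                      # simulated database query
    if record["restricted"] and caller_role != "admin":
        time.sleep(0.005)                                  # simulated security checks
        return 403, "Access denied: restricted patient"
    if record["role"] == "admin":
        time.sleep(0.010)                                  # simulated inline audit logging
    return 200, record["name"]


def hardened_lookup(patient_id, caller_role="patient"):
    """Same status and body for absent and denied; uniform response time."""
    start = time.perf_counter()
    record = PATIENTS.get(patient_id)
    authorized = record is not None and (caller_role == "admin" or not record["restricted"])
    if authorized:
        time.sleep(0.010)                                  # simulated database query
        status, body = 200, record["name"]
    else:
        status, body = 404, "Not found"                    # one answer for absent and denied
    AUDIT_QUEUE.append((patient_id, caller_role, status))  # every request, handled async
    remaining = MIN_RESPONSE_S - (time.perf_counter() - start)
    if remaining > 0:
        time.sleep(remaining)                              # pad every path up to the floor
    return status, body


def timed(handler, patient_id, caller_role="patient"):
    """Return (elapsed_seconds, response), as a client measuring the oracle would see it."""
    start = time.perf_counter()
    response = handler(patient_id, caller_role)
    return time.perf_counter() - start, response
```

With the hardened handler, an absent ID, a restricted ID and an accessible ID all take at least the floor and the first two are byte-identical, so neither elapsed time nor the error text distinguishes them.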
Side-channel timing IDOR vulnerability | Let's Jam Training Platform