⚠️ Training Target: This system may leak information through timing differences and error messages.
⏱️ Request Performance Metrics
Patient ID: 1003
Query Time: 1456ms
Database Status: Connected
Server Load: Normal
👤 Patient Profile
Patient ID: 1003
Name: Robert Davis
Age: 28
Blood Type: O+
Last Visit: 2024-01-10
Status: Active Patient
Insurance: Blue Cross
Emergency Contact: Available
Recent Medical History
- Annual checkup - January 2024
- Blood work - normal results
- Vaccination record updated
⏱️ Timing Analysis: Standard patient lookup (1456ms), the typical response time for basic patient record queries.
🎯 Hunter Objective:
- Pay attention to response times and error message differences
- Fast responses (~89ms) = ID doesn't exist
- Medium responses (~1456ms) = Valid patient, accessible
- Slow responses (~2198ms) = Valid patient, access denied
- Very slow responses (~2847ms) = Admin account with extra logging
- Use timing patterns to identify valid IDs, then find admin accounts
🔧 Test Different Patient IDs:
📊 Response Time Patterns
Timing Analysis Guide:
~89ms - Non-existent ID (immediate rejection)
~1456ms - Valid patient (standard database query)
~2198ms - Restricted patient (security checks)
~2847ms - Admin account (audit logging + permissions)
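As an added defender-side example (not code from the training platform), the following Python parses constructed access-log lines, buckets each response into the four timing classes listed above, and flags any client that sweeps neighbouring patient IDs with mostly fast rejections; the log format, the bucket cut-offs and the function names are assumptions.

```python
import re
from collections import defaultdict

# Latency classes from the timing guide above; the cut-off values are assumptions.
LATENCY_CLASSES = [
    (300, "nonexistent"),     # ~89ms: immediate rejection, ID does not exist
    (1800, "valid"),          # ~1456ms: standard database query
    (2500, "restricted"),     # ~2198ms: security checks, access denied
    (float("inf"), "admin"),  # ~2847ms: audit logging + permission checks
]

# Assumed access-log format: client_ip "GET /patient/<id>" status latency_ms
LOG_RE = re.compile(r'(?P<ip>\S+) "GET /patient/(?P<pid>\d+)" (?P<status>\d{3}) (?P<ms>\d+)ms')

# Constructed sample: 10.0.0.5 walks neighbouring IDs, 192.168.1.20 is a normal user.
SAMPLE_LOG = """\
10.0.0.5 "GET /patient/1003" 200 1456ms
10.0.0.5 "GET /patient/1004" 404 91ms
10.0.0.5 "GET /patient/1005" 404 88ms
10.0.0.5 "GET /patient/1006" 403 2201ms
10.0.0.5 "GET /patient/1008" 403 2850ms
10.0.0.5 "GET /patient/1009" 404 87ms
192.168.1.20 "GET /patient/1003" 200 1460ms
""".splitlines()

def classify(ms):
    """Map a response latency to the timing class it leaks."""
    for upper, label in LATENCY_CLASSES:
        if ms < upper:
            return label

def find_enumeration(lines, min_ids=5, max_span=50):
    """Return {ip: summary} for clients probing many neighbouring IDs, mostly nonexistent ones."""
    per_ip = defaultdict(lambda: {"ids": set(), "classes": defaultdict(int)})
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a patient lookup
        rec = per_ip[m["ip"]]
        rec["ids"].add(int(m["pid"]))
        rec["classes"][classify(int(m["ms"]))] += 1
    alerts = {}
    for ip, rec in per_ip.items():
        ids = sorted(rec["ids"])
        if len(ids) < min_ids or ids[-1] - ids[0] + 1 > max_span:
            continue  # too few IDs, or spread too widely, to look like a sweep
        if rec["classes"]["nonexistent"] * 2 >= len(ids):  # at least half were fast rejections
            alerts[ip] = {"distinct_ids": len(ids), "classes": dict(rec["classes"]),
                          "admin_hits": rec["classes"]["admin"]}
    return alerts
```

The same sweep would be invisible to a pure status-code rule, since the server answers 403 for both restricted and admin records; the latency class is what separates them, which is exactly why the server should pad responses to a uniform time.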
🚨 Side-channel timing IDOR vulnerability | Let's Jam Training Platform