⚠️ Training Target: This system may leak information through timing differences and error messages.
⏱️ Request Performance Metrics
Patient ID: 2000
Query Time: 2198ms
Database Status: Connected
Server Load: Normal
🔒 Access Restricted
Patient ID "2000" exists but you don't have permission to view this record.
Error Code: ACCESS_DENIED
Patient ID: 2000
Reason: Insufficient privileges for this patient record
🕵️ Side-Channel Clue: The response time (2198ms) indicates the system found the patient record but performed additional security checks before denying access.
🎯 Hunter Objective:
- Pay attention to response times and error message differences
- Fast responses (~89ms) = ID doesn't exist
- Medium responses (~1456ms) = Valid patient, accessible
- Slow responses (~2198ms) = Valid patient, access denied
- Very slow responses (~2847ms) = Admin account with extra logging
- Use timing patterns to identify valid IDs, then find admin accounts
📊 Response Time Patterns
Timing Analysis Guide:
~89ms - Non-existent ID (immediate rejection)
~1456ms - Valid patient (standard database query)
~2198ms - Restricted patient (security checks)
~2847ms - Admin account (audit logging + permissions)
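The four timing classes above exist because the server does a different amount of work on each path and confirms in its error text that an ID exists. The fix is to make every outcome cost the same and say the same thing. The handler below is an added example, not code from the Let's Jam platform: the patient table, the ownership rule, the audit log and the 50ms floor are all constructed for illustration. It returns one generic error for "no such ID" and "not permitted", runs the audit step on every request rather than only for admin records, and holds each response until a fixed time budget has elapsed so that the fast/medium/slow/very-slow distinction collapses.

```python
import time
from dataclasses import dataclass

# Constructed sample table standing in for the platform's patient database.
# Record contents, owners and the admin flag are assumptions for this example.
PATIENTS = {
    1000: {"name": "Patient One", "owner": "doctor_a", "admin": False},
    2000: {"name": "Patient Two", "owner": "doctor_b", "admin": False},
    3000: {"name": "Service Admin", "owner": "admin", "admin": True},
}

# Every request is held until at least this much wall-clock time has passed.
# The floor must exceed the slowest legitimate path (the "admin + audit" case
# on the page) or the slow path will still stand out above the padding.
RESPONSE_FLOOR_SECONDS = 0.05

# One status and one body for both "ID absent" and "access denied", so the
# error text no longer confirms that a patient ID exists.
GENERIC_ERROR_STATUS = 404
GENERIC_ERROR_BODY = {"error": "NOT_FOUND"}

AUDIT_LOG = []  # constructed in-memory audit sink


@dataclass
class Response:
    status: int
    body: dict
    elapsed: float  # seconds, measured inside the handler


def _authorized(record, requester):
    # Constructed ownership rule: the owning clinician or the admin principal.
    return requester == record["owner"] or requester == "admin"


def _audit(patient_id, requester, status):
    # Runs unconditionally; admin records no longer cost an extra step.
    AUDIT_LOG.append((patient_id, requester, status))


def handle_request(patient_id, requester, floor=RESPONSE_FLOOR_SECONDS):
    """Look up a patient record with a uniform error and a padded response time."""
    start = time.monotonic()
    record = PATIENTS.get(patient_id)
    if record is not None and _authorized(record, requester):
        status = 200
        body = {"patient_id": patient_id, "name": record["name"]}
    else:
        status = GENERIC_ERROR_STATUS
        body = dict(GENERIC_ERROR_BODY)
    _audit(patient_id, requester, status)
    # Pad to the fixed floor so work done on the path is not visible as latency.
    remaining = floor - (time.monotonic() - start)
    if remaining > 0:
        time.sleep(remaining)
    return Response(status, body, time.monotonic() - start)


def indistinguishable(a, b):
    """True when two responses carry the same status and body (what a client sees)."""
    return a.status == b.status and a.body == b.body


if __name__ == "__main__":
    absent = handle_request(9999, "doctor_a")   # ID does not exist
    denied = handle_request(2000, "doctor_a")   # ID exists, wrong clinician
    admin = handle_request(3000, "doctor_a")    # admin record, wrong clinician
    print(indistinguishable(absent, denied), indistinguishable(denied, admin))
    print([round(r.elapsed, 3) for r in (absent, denied, admin)])
```

The padding is a floor, not a fixed delay: if a path ever takes longer than the budget (a slow database, a synchronous audit write to disk), that path leaks again, so the floor should be set from the measured worst case and the slow work moved off the request path where possible. A generic 404 for a denied record is deliberate; returning 403 there would recreate the "exists but restricted" distinction in the status code.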
🚨 Side-channel timing IDOR vulnerability | Let's Jam Training Platform