πŸ₯ MedPortal Patient System

Secure Medical Records Database

⏱️ Request Performance Metrics

Patient ID: abc

Query Time: 89ms

Database Status: Connected

Server Load: Normal

🚫 Patient Not Found

No patient record found for ID "abc".

🎯 Hunter Objective:
πŸ”§ Test Different Patient IDs:
ID: 1 (Admin?) ID: 1001 ID: 1002 ID: 1003
ID: 2000 ID: 9999 ID: abc ID: 0 (Root?)
πŸ• Response Time Patterns

Timing Analysis Guide:

  • ~89ms - Non-existent ID (immediate rejection)
  • ~1456ms - Valid patient (standard database query)
  • ~2198ms - Restricted patient (security checks)
  • ~2847ms - Admin account (audit logging + permissions)
🚨 Side-channel timing IDOR vulnerability | Let's Jam Training Platform