Task 18 - Broken Access Control (IDOR Challenge)

Task 18 [Severity 5] Broken Access Control (IDOR Challenge)

Read and understand how IDOR works.

{% hint style="success" %} No answer needed {% endhint %}

Deploy the machine and go to http://MACHINE_IP. Log in with the username noot and the password test1234.

{% hint style="success" %} No answer needed {% endhint %}

Look at other users' notes. What is the flag?

{% hint style="warning" %} HINT: The URL contains ?note=1 - I wonder what happens if you change the parameter value? You might be able to access another user's note. {% endhint %}

Reveal Flag 🚩

🚩flag{fivefourthree}
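
The hint describes an insecure direct object reference: the page loads whichever note the ?note= value names without checking who is asking. As an added example (not part of the original write-up or the challenge's own code), the sketch below puts that flawed lookup beside one that enforces ownership, plus a regression check that lists cross-user reads. The note store, the user alice and all function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Note:
    owner: str
    body: str

# Constructed sample data; only the user name "noot" comes from the page.
NOTES = {
    1: Note(owner="noot", body="noot's own note"),
    2: Note(owner="alice", body="alice's private note"),
}

class NotFound(Exception):
    """Raised for missing AND unauthorized notes, so replies do not reveal which ids exist."""

def parse_note_id(raw):
    """Validate the raw ?note= value: plain ASCII digits only."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise NotFound()
    return int(raw)

def get_note_vulnerable(session_user, raw_id):
    """Flawed pattern: the caller is logged in, but the lookup trusts the id alone."""
    note = NOTES.get(parse_note_id(raw_id))
    if note is None:
        raise NotFound()
    return note.body

def get_note_hardened(session_user, raw_id):
    """Object-level authorization: the note must belong to the session's user."""
    note = NOTES.get(parse_note_id(raw_id))
    if note is None or note.owner != session_user:
        raise NotFound()
    return note.body

def cross_user_leaks(handler, users=("noot", "alice")):
    """Regression check: every (user, note id) pair where a user reads a note they do not own."""
    leaks = []
    for user in users:
        for note_id, note in NOTES.items():
            try:
                handler(user, str(note_id))
            except NotFound:
                continue
            if note.owner != user:
                leaks.append((user, note_id))
    return leaks
```

Running `cross_user_leaks` against every note-serving handler in a test suite catches the missing ownership check before it ships.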