Challenge 6 - Insecure Direct Object References (IDOR)

This challenge is about giving yourself permissions to access things you shouldn't using a technique known as IDOR. More simply put, we will be testing the URL.

Users in a DB have an ID, Username, Password and Secret. To solve this challenge you need to view the secret of 'User2'.

View My Details Exercise

Username:
Password:

Submit a valid username and password to log in

Log in to see your profile