URL manipulation is a technique to exploit IDOR vulnerabilities.
This very basic system has 3 accounts, each with their own order and address. Try seeing if you can access each of the users, orders and profiles.
... and yes I got super lazy and used IDs 1-3 when implementing...