Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Lab: Insecure direct object references

APPRENTICE

This lab stores user chat logs directly on the server's file system, and retrieves them using static URLs.

Solve the lab by finding the password for the user carlos, and logging into their account.

ACCESS THE LAB

Solution

  1. Select the Live chat tab.
  2. Send a message and then select View transcript.
  3. Review the URL and observe that the transcripts are text files assigned a filename containing an incrementing number.
  4. Change the filename to 1.txt and review the text. Notice a password within the chat transcript.
  5. Return to the main lab page and log in using the stolen credentials.

Community solutions

Intigriti
Rana Khalil
Michael Sommer (no audio)

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here

Try Burp Suite for Free

Find access control vulnerabilities using Burp Suite

Try for free