Lab: User ID controlled by request parameter, with unpredictable user IDs

APPRENTICE

This lab has a horizontal privilege escalation vulnerability on the My Account page, but identifies users with GUIDs.

To solve the lab, find the GUID for carlos, then submit his API key as the solution.

You can access you own account using wiener:peter.

Find a blog post by carlos.

Click on carlos and observe that the URL contains his user ID.

Make a note of the user ID.

Change the "id" parameter to the saved user ID.

Retrieve and submit the API key.

Want to track your progress and have a more personalized learning experience? (It's free!)

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Directory traversal Access control Web cache poisoning WebSockets