Lab: User ID controlled by request parameter, with unpredictable user IDs
This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs.
To solve the lab, find the GUID for carlos
, then submit his API key as the solution.
You can log in to your own account using the following credentials: wiener:peter