Lab: User ID controlled by request parameter, with unpredictable user IDs
This lab has a horizontal privilege escalation vulnerability on the My Account page, but identifies users with GUIDs.
To solve the lab, find the GUID for carlos
, then submit his API key as the solution.
You can access you own account using wiener:peter
.