Task 18 - Broken Access Control (IDOR Challenge)

Task 18 [Severity 5] Broken Access Control (IDOR Challenge)

Read and understand how IDOR works.

No answer needed

Deploy the machine and go to http://MACHINE_IP - Login with the username being noot and the password test1234.

No answer needed

Look at other users notes. What is the flag?

HINT: The URL contains ?note=1 - I wonder what happens if you change the parameter value? You might be able to access another users note..

Reveal Flag 🚩

🚩flag{fivefourthree}