← All Challenges
Challenge 31 of 66

Identity Thief

🟠 Hard Web App +100 XP

An API returns user data at /api/user/1001. Your account is 1001. Change the ID to access the admin account at ID 1.

Identity Thief // sandbox
IDOR = Insecure Direct Object Reference. Just change the number in the URL.

🏆 Challenge Complete!

+100 XP earned
Next Challenge →
← Prev Next →