IDOR

May 18, 2025

IDOR (Insecure Direct Object Reference) is a type of access control vulnerability in which the website puts too much trust in user input.

The identifier could be encoded in Base64 or hashed with MD5.

Here, after investigating the browser's network tab, we found this request:

https://10-64-185-72.reverse-proxy.cell-prod-us-east-1a.vm.tryhackme.com/api/v1/customer?id=5

So let's check whether it is vulnerable to IDOR.
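
What the server side of an endpoint like `/api/v1/customer?id=5` looks like with and without an ownership check, as an added example that is not part of the original post or the lab's code. The customer records, session tokens and function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample data: customer records keyed by numeric id.
CUSTOMERS = {
    4: {"id": 4, "name": "alice", "email": "alice@example.test"},
    5: {"id": 5, "name": "bob", "email": "bob@example.test"},
}
# Constructed session store: session token -> id of the logged-in customer.
SESSIONS = {"session-alice": 4, "session-bob": 5}


def get_customer_vulnerable(session_token, requested_id):
    """Returns whatever record the id parameter names (the IDOR pattern)."""
    if session_token not in SESSIONS:
        return 401, None
    record = CUSTOMERS.get(int(requested_id))
    return (200, record) if record else (404, None)


def get_customer_checked(session_token, requested_id):
    """Same lookup, but the id must belong to the authenticated session."""
    owner_id = SESSIONS.get(session_token)
    if owner_id is None:
        return 401, None
    try:
        wanted = int(requested_id)
    except ValueError:
        return 400, None
    if wanted != owner_id:
        return 403, None  # authenticated, but not authorized for this object
    return 200, CUSTOMERS[wanted]


def encode_id_base64(customer_id):
    """Base64 is an encoding, not a secret: anyone can reverse it."""
    return base64.b64encode(str(customer_id).encode()).decode()


def encode_id_md5(customer_id):
    """MD5 of a small integer is deterministic: the same id always gives the same value."""
    return hashlib.md5(str(customer_id).encode()).hexdigest()
```

Encoding the id changes how it looks in the URL, not who is allowed to read the record; only the ownership check in `get_customer_checked` does that.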
