IDOR
18 May 2025
IDOR (insecure direct object reference) is a type of access control vulnerability in which the website puts too much trust in user input.
That input could be encoded in base64 or hashed with MD5.
After inspecting the browser's network tab, we found this request:
https://10-64-185-72.reverse-proxy.cell-prod-us-east-1a.vm.tryhackme.com/api/v1/customer?id=5
So let's check whether it is vulnerable to IDOR.
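What decides the outcome of that check is the server-side handler, shown here as an added example that is not part of the original post: a handler that trusts the `id` parameter next to one that compares it with the session identity. The function names, sample records and session model are assumptions; only the `id` parameter and the base64 case come from the page.

```python
import base64

# Constructed sample data: customer records keyed by numeric id.
CUSTOMERS = {
    4: {"id": 4, "name": "alice", "email": "alice@example.test"},
    5: {"id": 5, "name": "bob", "email": "bob@example.test"},
}


def decode_ref(ref: str) -> int:
    """Accept a plain or base64-encoded id. Encoding is not access control."""
    if ref.isdigit():
        return int(ref)
    return int(base64.b64decode(ref, validate=True).decode("ascii"))


def get_customer_vulnerable(session_user_id: int, ref: str):
    """Trusts the id parameter: any logged-in user can read any record."""
    record = CUSTOMERS.get(decode_ref(ref))
    return (200, record) if record else (404, None)


def get_customer_checked(session_user_id: int, ref: str):
    """Compares the requested id with the identity taken from the session."""
    try:
        customer_id = decode_ref(ref)
    except ValueError:
        # Malformed reference (bad base64, non-numeric payload).
        return (400, None)
    if customer_id != session_user_id:
        # Same answer whether or not the record exists, so the
        # response does not reveal which ids are in use.
        return (403, None)
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)
```

The checked handler gives the same 403 for a plain and a base64-encoded reference to another user's record, which is the behaviour a non-vulnerable endpoint should show.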