Connect with the VPN or use the AttackBox on the TryHackMe site to reach the TryHackMe lab environment.
1.1 What does IDOR stand for?
Answer: Insecure Direct Object Reference
2.1 What is the Flag from the IDOR example website?
Click on the big green View Site button
Click on Order Confirmation
Change the ID to 1000
The flag is revealed once you change the number 12345 to 1000 and press Enter
Read everything in the task and you will already know the answer
3.1 What is a common type of encoding used by websites?
4.1 Read everything in the task and you will already know the answer
5.1 What is the minimum number of accounts you need to create to check for IDORs between accounts?
Read everything in this task and press Complete
Start the machine attached to this room
Once it has started, navigate in Firefox to the URL given to you when the machine is fully started; mine was https://10-10-166-159.p.thmlabs.com
Click on Customers and create an account by clicking on Sign Up Here
Now that you are logged in, click on Your Account
Press F12 to open the developer tools in Firefox, then click on the Network tab. If you do not see anything, press reload
Click on the line that says customer?id=
Look at the URL on the right
Now right-click on the line and click on Edit and Resend
Edit the ID number to 1
Once sent, click on the line that was sent and you will see the information in the Response tab
7.1 What is the username for user id 1?
7.2 What is the email address for user id 3?
Use the same technique but change the ID to 3
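To show why editing and resending the request with a different id works, and what the fix looks like, here is an added example that is not part of the TryHackMe lab or this room. It models the customer?id= endpoint twice: a lookup that trusts the id parameter (the IDOR) and one that also checks the record belongs to the logged-in user, plus the two-account check from the earlier task. The customer records, usernames, emails and the function names are all constructed for the example.

```python
"""Added illustration of the IDOR in this room: an object lookup that trusts the
`id` query parameter versus one that also checks ownership. Sample data is
constructed; nothing here comes from the lab itself."""
from urllib.parse import urlparse, parse_qs

# Constructed sample customer records (ids, usernames and emails are invented).
CUSTOMERS = {
    1: {"username": "alice_example", "email": "alice@example.test"},
    2: {"username": "bob_example", "email": "bob@example.test"},
    3: {"username": "carol_example", "email": "carol@example.test"},
}


def parse_id(url):
    """Extract the integer `id` query parameter from a URL such as
    /customer?id=2. Returns None when it is absent or not a number."""
    values = parse_qs(urlparse(url).query).get("id")
    if not values:
        return None
    try:
        return int(values[0])
    except ValueError:
        return None


def vulnerable_customer(session_user_id, url):
    """Vulnerable handler: returns whichever record the `id` parameter names.
    The logged-in user's identity is never compared with the requested id, so
    resending the request with id=1 returns user 1's data to anyone."""
    record = CUSTOMERS.get(parse_id(url))
    if record is None:
        return 404, None
    return 200, record


def hardened_customer(session_user_id, url):
    """Hardened handler: the record is returned only when it belongs to the
    session user. A record that exists but is not yours gets the same 404 as a
    missing one, so the response does not confirm which ids are valid."""
    cid = parse_id(url)
    if cid is None or cid not in CUSTOMERS or cid != session_user_id:
        return 404, None
    return 200, CUSTOMERS[cid]


def two_account_check(handler, user_a, user_b):
    """The minimum 'two accounts' test: act as user A and request user B's
    object. Returns True when the handler is vulnerable, i.e. when A is
    handed B's record."""
    status, record = handler(user_a, f"/customer?id={user_b}")
    return status == 200 and record == CUSTOMERS[user_b]


if __name__ == "__main__":
    print("vulnerable handler leaks:", two_account_check(vulnerable_customer, 2, 1))
    print("hardened handler leaks:  ", two_account_check(hardened_customer, 2, 1))
```

The important line is the ownership comparison in the hardened handler: the server derives who is asking from the session, never from the request parameters, and refuses to serve any object the session user does not own. Returning the same 404 for "not yours" and "does not exist" also stops the response code from being used to enumerate valid ids.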