Insecure Direct Object Reference
Let's click on the "Insecure Direct Object Reference" challenge.
Hint!
The Key for this level is stored on Administrator Profile.
Return to Burp. In the Proxy "Intercept" tab, ensure "Intercept is on".
We click the "Refresh Your Profile" button and capture the request using Burp Proxy.
From the captured request, we find that "username = guest".
You will be able to view the server response containing the result key.
Paste the key in the search box and submit.
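The root cause behind this challenge is that the server picks the profile from the `username` value carried in the request. The sketch below is an added example, not code from the challenge: it puts that weak pattern beside a handler that takes identity from the server-side session and records any mismatch for detection. The function names, tokens, profile data and key placeholder are all constructed for illustration.

```python
# Constructed sample data: profile store and server-side session table.
PROFILES = {
    "guest": {"display_name": "Guest", "note": "nothing to see"},
    "admin": {"display_name": "Administrator", "note": "RESULT-KEY-PLACEHOLDER"},
}
SESSIONS = {"token-guest-1": "guest", "token-admin-1": "admin"}  # token -> user

audit_log = []  # mismatches between session and request are recorded here


class Forbidden(Exception):
    """Raised when the caller is not entitled to the requested profile."""


def get_profile_vulnerable(params):
    # Weak pattern: the object reference comes straight from the request body,
    # so the client decides which profile the server returns.
    return PROFILES[params["username"]]


def get_profile_hardened(session_token, params):
    # Identity is resolved from server-side session state, never from the body.
    user = SESSIONS.get(session_token)
    if user is None:
        raise Forbidden("no valid session")
    requested = params.get("username", user)
    if requested != user:
        # Client-supplied reference disagrees with the session: deny and record.
        audit_log.append({"session_user": user, "requested": requested})
        raise Forbidden("profile does not belong to session user")
    return PROFILES[user]
```

Entries in `audit_log` are the signal to alert on: a legitimate client never sends a `username` that differs from its own session.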