IDOR Demo — Profile Viewer
Logged in as: User #42
🔓 Vulnerable
https://app.company.com/api/users/1
Try changing the user ID in the URL above! Click the IDs below or edit the URL directly in your browser's address bar.
Try user IDs: #1, #2, #7, #42, #99
Admin (ADMIN)
Email: admin@khemshield.com
Phone: +1-555-0100
Address: 123 Admin Street, HQ Building
User ID: #1
Vulnerability exploited!
You are viewing Admin's private data. The server did not verify that User #42 is authorized to access User #1's profile.
Request Log
GET /api/users/1
Authorization: Bearer token_user_42
← 200 OK
Content-Type: application/json
⚠ No authorization check performed
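
The missing check from the request log above, shown as an added example that is not the demo's own code: a handler that only authenticates the caller, next to one that also ties the requested record to the caller. The user store, token table, function names and the owner-or-ADMIN policy are assumptions made for illustration.

```python
# Constructed sample data: only user 1's name, role, email and phone come from the demo page.
USERS = {
    1: {"id": 1, "name": "Admin", "role": "ADMIN",
        "email": "admin@khemshield.com", "phone": "+1-555-0100"},
    42: {"id": 42, "name": "User 42", "role": "USER",
         "email": "user42@example.test", "phone": "+1-555-0142"},
}
# Constructed token table; "token_user_42" is the bearer token in the request log.
TOKENS = {"token_user_42": 42, "token_user_1": 1}


def authenticate(headers):
    """Return the caller's user id from the Authorization header, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return TOKENS.get(token) if scheme == "Bearer" else None


def get_user_vulnerable(headers, user_id):
    """Authenticates the caller, then trusts the ID in the path (the IDOR)."""
    if authenticate(headers) is None:
        return 401, {"error": "unauthenticated"}
    user = USERS.get(user_id)
    return (200, user) if user else (404, {"error": "not found"})


def get_user_hardened(headers, user_id):
    """Same lookup, plus an object-level check tying the record to the caller."""
    caller_id = authenticate(headers)
    if caller_id is None:
        return 401, {"error": "unauthenticated"}
    caller = USERS[caller_id]
    # Assumed policy: owners read their own profile, ADMIN may read any.
    if caller_id != user_id and caller["role"] != "ADMIN":
        # Same response whether or not the record exists, so IDs cannot be probed.
        return 404, {"error": "not found"}
    user = USERS.get(user_id)
    return (200, user) if user else (404, {"error": "not found"})


if __name__ == "__main__":
    hdr = {"Authorization": "Bearer token_user_42"}
    print(get_user_vulnerable(hdr, 1)[0])  # the request from the demo's log
    print(get_user_hardened(hdr, 1)[0])    # same request, check enforced
    print(get_user_hardened(hdr, 42)[0])   # caller's own profile
```

The authorization decision uses the identity derived from the token, never an ID supplied by the client in the path or body.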