IDOR Demo — Profile Viewer
Logged in as: User #42
https://app.company.com/api/users/2
Try changing the user ID in the URL above! Click the IDs below or edit the URL directly in your browser's address bar.

Sarah Connor

USER
Email: sarah.connor@company.com
Phone: +1-555-0142
Address: 456 Oak Avenue, Apt 7B
User ID: #2
Vulnerability exploited! You are viewing Sarah Connor's private data. The server did not verify that User #42 is authorized to access User #2's profile.

Request Log

GET /api/users/2
Authorization: Bearer token_user_42
← 200 OK
Content-Type: application/json
⚠ No authorization check performed
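
The check missing from the request above, as an added example (not the demo's own code): a handler that authenticates the caller but trusts the ID in the URL, next to one that also compares the caller with the requested object. The in-memory store, the token map, the function names and the name given to user 42 are assumptions constructed for illustration.

```python
# Constructed sample data; the token format follows the request log above.
USERS = {
    2: {"id": 2, "name": "Sarah Connor", "role": "USER"},
    42: {"id": 42, "name": "Demo User", "role": "USER"},  # constructed name
}
TOKENS = {"token_user_42": 42, "token_user_2": 2}  # bearer token -> user id


def authenticate(headers):
    """Return the caller's user id, or None if the bearer token is unknown."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return TOKENS.get(token) if scheme == "Bearer" else None


def get_user_vulnerable(headers, user_id):
    """Authenticates the caller, then trusts the ID in the URL (the IDOR)."""
    if authenticate(headers) is None:
        return 401, {"error": "unauthenticated"}
    user = USERS.get(user_id)
    return (200, user) if user else (404, {"error": "not found"})


def get_user_fixed(headers, user_id):
    """Adds the object-level check: a caller may read only their own record."""
    caller = authenticate(headers)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    if caller != user_id:
        # Same response for "not yours" and "does not exist", so the
        # status code does not reveal which IDs are valid.
        return 404, {"error": "not found"}
    user = USERS.get(user_id)
    return (200, user) if user else (404, {"error": "not found"})


if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer token_user_42"}
    print(get_user_vulnerable(hdrs, 2))  # other user's record is returned
    print(get_user_fixed(hdrs, 2))       # request is refused
    print(get_user_fixed(hdrs, 42))      # own record is still readable
```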