IDOR Demo — Profile Viewer
Logged in as: User #42
https://app.company.com/api/users/7
Try changing the user ID in the URL above! Click the IDs below or edit the URL directly in your browser's address bar.
Try user IDs:
Maria Garcia

USER
Email: m.garcia@company.com
Phone: +1-555-0207
Address: 88 Sunset Drive
User ID: #7
Vulnerability exploited! You are viewing Maria Garcia's private data. The server did not verify that User #42 is authorized to access User #7's profile.

Request Log

GET /api/users/7
Authorization: Bearer token_user_42
← 200 OK
Content-Type: application/json
⚠ No authorization check performed
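
The missing check from the request log, written out as an added example (this is not the demo's own server code): one handler that reproduces the logged behaviour and one that compares the requested ID with the authenticated caller. The in-memory store, the session map, the function names, and the assumption that the server validates the bearer token are all hypothetical.

```javascript
// Constructed sample data: user 7 mirrors the demo, the user 42 record is made up.
const USERS = new Map([
  [7, { id: 7, name: 'Maria Garcia', role: 'USER', email: 'm.garcia@company.com' }],
  [42, { id: 42, name: 'Demo User', role: 'USER', email: 'user42@company.com' }],
]);
// Hypothetical session table: bearer token -> authenticated user id.
const SESSIONS = new Map([['token_user_42', 42]]);

function authenticate(req) {
  const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
  return m && SESSIONS.has(m[1]) ? SESSIONS.get(m[1]) : null;
}

function parseUserId(path) {
  const m = /^\/api\/users\/(\d+)$/.exec(path);
  return m ? Number(m[1]) : null;
}

// Behaviour shown in the request log: the token is accepted, but the ID
// taken from the URL is never compared with the caller's identity.
function getProfileVulnerable(req) {
  const caller = authenticate(req);
  if (caller === null) return { status: 401 };
  const target = USERS.get(parseUserId(req.path));
  return target ? { status: 200, body: target } : { status: 404 };
}

// Same route with an object-level authorization check: owner only.
function getProfileChecked(req) {
  const caller = authenticate(req);
  if (caller === null) return { status: 401 };
  const id = parseUserId(req.path);
  if (id === null) return { status: 400 };
  // Deny before the lookup so the response does not reveal which IDs exist.
  if (id !== caller) return { status: 403 };
  const target = USERS.get(id);
  return target ? { status: 200, body: target } : { status: 404 };
}

// The request from the log above, replayed against both handlers.
const logged = { path: '/api/users/7', headers: { authorization: 'Bearer token_user_42' } };
console.log(getProfileVulnerable(logged).status, getProfileChecked(logged).status);
```

A regression test for this class of bug is the same replay: authenticate as one user, request another user's ID, and require a 403.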