Khem Cyber Labs | Hands-on Security Training Platform

IDOR Demo — Profile Viewer

Logged in as:User #42

https://app.company.com/api/users/99

Try changing the user ID in the URL above! Click the IDs below or edit the URL directly in your browser's address bar.

Try user IDs:

James Wright (CEO)

ADMIN

Emailceo@company.com

Phone+1-555-0001

Address1 Executive Blvd, Penthouse

User ID#99

Vulnerability exploited! You are viewing James Wright (CEO)'s private data. The server did not verify that User #42 is authorized to access User #99's profile.

Request Log

GET /api/users/99

Authorization: Bearer token_user_42

← 200 OK

Content-Type: application/json

⚠ No authorization check performed