MISSION 4 - INSECURE DIRECT OBJECT REFERENCE (IDOR)
Real-World Scenario:
Many websites load user data using simple IDs in URLs, such as:
profile.php?id=1
What's the risk?
If access controls are missing, attackers can change the ID and view other users' private data.
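An added example, not code from the original page: a hypothetical profile.php lookup in its vulnerable form beside a version that scopes the query to the logged-in user. The table layout, function names and sample rows are assumptions constructed for illustration.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for the site's user store.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, owner_id INTEGER, email TEXT)');
$pdo->exec("INSERT INTO profiles VALUES (1, 1, 'alice@example.test'), (2, 2, 'bob@example.test')");

// Vulnerable (hypothetical): returns whatever row the id parameter names.
// The caller's identity is never consulted, so any id in the URL is honoured.
function load_profile_vulnerable(PDO $pdo, string $requestedId): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM profiles WHERE id = ?');
    $stmt->execute([$requestedId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened (hypothetical): the lookup is bound to the authenticated user taken
// from the server-side session, so an id belonging to someone else matches no row.
function load_profile_checked(PDO $pdo, ?int $sessionUserId, string $requestedId): ?array
{
    if ($sessionUserId === null) {
        return null; // no authenticated session: nothing is returned
    }
    $stmt = $pdo->prepare('SELECT id, email FROM profiles WHERE id = ? AND owner_id = ?');
    $stmt->execute([$requestedId, $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
    if ($row === null) {
        // Same response for "missing" and "not yours"; the mismatch is logged for detection.
        error_log("profile access denied: user=$sessionUserId requested_id=$requestedId");
    }
    return $row;
}

// Simulated requests from logged-in user 1 for profile.php?id=1 and profile.php?id=2.
$sessionUserId = 1;
foreach (['1', '2'] as $id) {
    $v = load_profile_vulnerable($pdo, $id);
    $c = load_profile_checked($pdo, $sessionUserId, $id);
    printf("id=%s vulnerable=%s checked=%s\n", $id, $v['email'] ?? 'none', $c['email'] ?? 'denied');
}
```

The hardened function takes the user ID from the session, never from the request, which is the access control the vulnerable version lacks.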
OWASP Reference:
This is part of Broken Access Control (OWASP Top 10).