CYBER LAB

MISSION 4 — INSECURE DIRECT OBJECT REFERENCE (IDOR)

Real-World Scenario:

Many websites load user data using simple IDs in URLs, such as:

profile.php?id=1

What's the risk?

If access controls are missing, attackers can change the ID and view other users' private data.
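
The missing check, shown as an added example that is not part of the lab's own code: a lookup that trusts the id from the URL, beside one that authorizes it against the logged-in user. The function names, the PROFILES sample data and the session layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for a users table.
const PROFILES = [
    1 => ['name' => 'alice', 'email' => 'alice@example.test'],
    2 => ['name' => 'bob',   'email' => 'bob@example.test'],
];

// Vulnerable: trusts the id from the URL and never asks who is logged in.
function profile_vulnerable(array $query): ?array
{
    $id = (int) ($query['id'] ?? 0);
    return PROFILES[$id] ?? null;
}

// Hardened: validates the id, then authorizes it against the session user.
// Returns [HTTP status, body].
function profile_hardened(array $query, array $session): array
{
    if (!isset($session['user_id'])) {
        return [401, null];                       // not logged in
    }
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];                       // malformed id
    }
    // Ownership check: a user may read only their own record. Unknown ids
    // get the same 404, so responses do not reveal which ids exist.
    if ($id !== $session['user_id'] || !array_key_exists($id, PROFILES)) {
        error_log(sprintf('access denied: user=%d requested profile id=%d',
                          $session['user_id'], $id));
        return [404, null];
    }
    return [200, PROFILES[$id]];
}

// Constructed requests: user 1 is logged in and asks for id=1, id=2, id=abc.
$session = ['user_id' => 1];
foreach ([['id' => '1'], ['id' => '2'], ['id' => 'abc']] as $query) {
    $leak = profile_vulnerable($query);
    [$status] = profile_hardened($query, $session);
    printf("id=%s vulnerable=%s hardened=%d\n",
           $query['id'], $leak ? $leak['name'] : 'none', $status);
}
```

The denied-access log line gives defenders a signal to alert on when one session requests many ids it does not own.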


OWASP Reference:

This is part of Broken Access Control (OWASP Top 10).
