API 01

This exercise is the API version of an exercise you already solved in the Essential Badge. Use it to get more confident at discovering vulnerabilities without any hint about what to look for.

PRO tier · Easy · < 1 Hr. · 2655 · API Badge · Course

In this challenge, you are tasked with identifying a vulnerability that will enable you to retrieve a key stored as a secret in the admin's account. The user admin@libcurl.so has stored this key, and your objective is to find a way to access it. This exercise is based on a challenge from the Essential badge and is designed to enhance your testing skills by providing minimal information at the start.

The video walkthrough demonstrates a step-by-step process to identify and exploit an Insecure Direct Object Reference (IDOR) vulnerability. By manipulating the API endpoints, you can access secrets that you are not authorized to view. This challenge emphasizes the importance of understanding both the front-end and back-end operations of a web application, and how they can be exploited when the back end does not enforce per-object authorization.
