Mongo IDOR

This challenge covers how to exploit an IDOR when Mongo IDs are used

PRO
Tier
Medium
< 1 Hr.
825
API Badge

In this challenge, your objective is to find and exploit an Insecure Direct Object Reference (IDOR) vulnerability. Typically, IDOR vulnerabilities occur when an application uses predictable identifiers, such as incrementing numbers, which can be easily guessed. However, in this case, the storage mechanism does not rely on incrementing numbers, requiring you to find alternative ways the application might leak the user identifiers.

The user admin@libcurl.so has stored a secret key in their account. By examining the application's API endpoints and responses, you will discover how to access this sensitive information. This exercise will help you understand the importance of securing API endpoints and how to identify and exploit IDOR vulnerabilities in web applications.

Want to learn more? Get started with PentesterLab Pro! GOPRO