> For the complete documentation index, see [llms.txt](https://www.hackervice.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.hackervice.com/ctf-labs/htb-certified-bug-bounty-hunter/web-attacks/idor-in-insecure-apis.md).

# IDOR in Insecure APIs

### Try to read the details of the user with 'uid=5'. What is their 'uuid' value?

<figure><img src="/files/yhf54chFu7QiDeXgSFAt" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/Zt5K5r2jSLAf9XLPvSPF" alt=""><figcaption></figcaption></figure>

When accessing the web application, click on "Edit Profile" and Intercept the Requests. We can see that this profile points to the user ID 1.

<figure><img src="/files/lCCDwieCYGk0p3dYjW64" alt=""><figcaption></figcaption></figure>

If we send the Request to the Repeater and change the ID to 5, we get the `uuid` of the corresponding user, confirming and IDOR vulnerability
