Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle, and it took a few tries to get the key.
Insecure Direct Object Reference (called IDOR from here on) occurs when an application exposes a reference to an internal implementation object. In doing so, it reveals the real identifier, and the format or pattern the storage backend uses for that element. The most common example (although it is not limited to this one) is a record identifier in a storage system (database, filesystem and so on). The vulnerability arises when the application accepts that identifier from the client and uses it to fetch the object without checking that the requesting user is actually authorized to access it.
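To make the pattern concrete, here is an added example (written for this post, not code from Security Shepherd itself) of a minimal profile lookup in both forms: a handler that trusts the client-supplied record id, and a hardened handler that only resolves opaque, per-session references and refuses anything outside what the session is allowed to see. The record store, the `Session` class, and the names of the helpers are all constructed for the illustration.

```python
import secrets

# Constructed backing store (not from the post): the key is the raw database
# primary key, which is exactly what an IDOR leaks to the client.
PROFILES = {
    7: {"name": "Alice", "bio": "Likes hiking."},
    8: {"name": "Bob", "bio": "Plays chess."},
    11: {"name": "Hidden", "bio": "Never offered in the drop-down."},
}


class Forbidden(Exception):
    """Raised by the hardened handler when a reference is not valid for the session."""


def show_profile_vulnerable(user_id_param: str) -> dict:
    """IDOR: whatever id the client sends is looked up directly.

    The drop-down may only offer ids 7 and 8, but nothing stops a request
    carrying 11 from returning the hidden record.
    """
    user_id = int(user_id_param)
    return PROFILES[user_id]


class Session:
    """Hypothetical authenticated session holding an indirect reference map."""

    def __init__(self, username: str, visible_ids):
        self.username = username
        # Opaque token -> real record id, generated per session. The real
        # primary keys never reach the browser, and a token only resolves
        # for the session that minted it.
        self.ref_map = {secrets.token_urlsafe(8): rid for rid in visible_ids}

    def dropdown_options(self) -> dict:
        """What the form should render: token -> display name."""
        return {tok: PROFILES[rid]["name"] for tok, rid in self.ref_map.items()}

    def token_for(self, record_id: int) -> str:
        """Reverse lookup used by the test; a real app would just render the map."""
        for tok, rid in self.ref_map.items():
            if rid == record_id:
                return tok
        raise KeyError(record_id)


def show_profile_hardened(session: Session, ref_param: str) -> dict:
    """Resolve the client-supplied reference through the session's map.

    The authorization decision happens before the store is touched, so a
    forged or guessed reference cannot even reveal whether a record exists.
    """
    record_id = session.ref_map.get(ref_param)
    if record_id is None:
        raise Forbidden("reference is not valid for this session")
    return PROFILES[record_id]


def hardened_denies(session: Session, ref_param: str) -> bool:
    """True if the hardened handler refuses the reference (convenience for checks)."""
    try:
        show_profile_hardened(session, ref_param)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    sess = Session("alice", [7, 8])
    print(show_profile_vulnerable("11"))            # hidden record leaks
    print(show_profile_hardened(sess, sess.token_for(7)))
    print(hardened_denies(sess, "11"))              # raw id is rejected: True
```

The indirect reference map is the classic mitigation for this class of bug; where the real ids must stay in the URL for other reasons, the same check (is this record in the set the current user may access?) can be done against the database instead, but it has to run on every request, not only when building the drop-down.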
This is the screen we are presented with. When we choose a name in the list and click Show This Profile, we see a short sentence about that person.
As the page says, the key for the challenge belongs to someone who is not in the list. We will need Burp to intercept traffic for this one (Burp comes as a default tool on Kali Linux). So, with intercept turned on in Burp, hit the Show This Profile button.
This is our packet intercepted with Burp. If we look closely at the bottom of the request we can see a user ID parameter with the value 7. We changed that number to 8, 9, -1 and 10 with no success, but 11 worked.
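From the defender's side, the sequence above (one session walking through 7, 8, 9, -1, 10, 11 in a short span) is exactly what shows up in access logs when someone probes a direct reference. As an added example that is not part of the original post, here is a small detector that parses constructed log lines for the profile endpoint, groups requests by session, and flags sessions that request an unusually large number of distinct ids or any non-positive id. The log format, the `/showProfile` path, and the threshold are assumptions for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real Security Shepherd logs). The ids
# mirror the values tried in the walkthrough above.
LOG_LINES = """\
10.0.0.5 sess=a1 POST /showProfile userId=7 200
10.0.0.5 sess=a1 POST /showProfile userId=8 200
10.0.0.5 sess=a1 POST /showProfile userId=9 200
10.0.0.5 sess=a1 POST /showProfile userId=-1 500
10.0.0.5 sess=a1 POST /showProfile userId=10 200
10.0.0.5 sess=a1 POST /showProfile userId=11 200
10.0.0.9 sess=b2 POST /showProfile userId=7 200
10.0.0.9 sess=b2 POST /showProfile userId=7 200
10.0.0.9 sess=b2 GET /index.jsp userId=7 200
""".splitlines()

# Assumed log layout: client ip, session id, method, path, the userId
# parameter as logged, and the HTTP status.
LINE_RE = re.compile(
    r"^(?P<ip>\S+) sess=(?P<sess>\S+) (?P<method>\S+) (?P<path>\S+) "
    r"userId=(?P<uid>-?\d+) (?P<status>\d{3})$"
)


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["uid"] = int(rec["uid"])
    rec["status"] = int(rec["status"])
    return rec


def find_idor_probing(lines, path="/showProfile", max_distinct=3):
    """Flag sessions whose requests to `path` look like id enumeration.

    Returns {session: {"ids": sorted distinct ids, "reasons": [...]}} for
    flagged sessions only. Two signals are used: more than `max_distinct`
    distinct ids from one session, and any id that cannot be a valid record
    (zero or negative), which a normal drop-down would never produce.
    """
    ids_by_session = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != path:
            continue
        ids_by_session[rec["sess"]].add(rec["uid"])

    flagged = {}
    for sess, ids in ids_by_session.items():
        reasons = []
        if len(ids) > max_distinct:
            reasons.append(f"{len(ids)} distinct ids (limit {max_distinct})")
        if any(uid <= 0 for uid in ids):
            reasons.append("non-positive id requested")
        if reasons:
            flagged[sess] = {"ids": sorted(ids), "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for sess, info in find_idor_probing(LOG_LINES).items():
        print(sess, info["ids"], "; ".join(info["reasons"]))
```

A threshold on distinct ids per session is a blunt instrument on its own; in practice it is combined with the server-side authorization check from the fix, so that the log also records the denials and the alert fires on those rather than on successful reads.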
That concludes this lesson. Thank you for reading; comment below, share, and don't forget to follow to get more lessons in the near future.