Insecure direct object references

https://portswigger.net/web-security/access-control/lab-insecure-direct-object-references

Let's start the live chat.

We can now download this chat by clicking the View transcript button. Since we are proxying the traffic through Burp Suite, the request appears under Proxy > HTTP history.

We are being redirected; let's view the next request.

As we can see, our entire chat log is saved, and the file is addressed by a sequential numeric id. Let's send this request to Repeater for further modification. Once in Repeater, change the GET URI to the following:

/download-transcript/2.txt

This causes the application to return the transcript of another user's chat: the server selects the file by the id in the URL alone and never checks that the transcript belongs to the logged-in user. The transcript reveals carlos's credentials, so we can now try to log in to the carlos user's account with the following credentials:

Username: carlos
Password: z7yiqtqjuttawu19dlxw

We have solved the lab.
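To show what the missing check looks like in code, here is an added example (not the lab's or PortSwigger's code) that models the transcript endpoint twice: once as the lab behaves, selecting the file by id alone, and once with an ownership check bound to the session user. The transcript store, usernames and the NotFound exception are constructed for the example.

```python
"""Model of the /download-transcript/N.txt endpoint: the IDOR as the lab
behaves, beside an ownership-checked version. Constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Transcript:
    owner: str   # username whose chat this is
    body: str


# Constructed store; ids are sequential, just like the lab's 1.txt, 2.txt
TRANSCRIPTS = {
    1: Transcript(owner="wiener", body="wiener: hello\nagent: hi"),
    2: Transcript(owner="carlos", body="carlos: my details are <constructed>"),
}


class NotFound(Exception):
    """Maps to an HTTP 404 in a real handler."""


def parse_transcript_id(path: str) -> int:
    """Extract N from '/download-transcript/N.txt'; anything else is rejected,
    so traversal-style ids never reach the store lookup."""
    prefix, suffix = "/download-transcript/", ".txt"
    if not (path.startswith(prefix) and path.endswith(suffix)):
        raise NotFound(path)
    name = path[len(prefix):-len(suffix)]
    if not name.isdigit():
        raise NotFound(path)
    return int(name)


def download_vulnerable(session_user: str, path: str) -> str:
    """Lab behaviour: the id alone selects the file; session_user is ignored."""
    tid = parse_transcript_id(path)
    if tid not in TRANSCRIPTS:
        raise NotFound(path)
    return TRANSCRIPTS[tid].body


def download_fixed(session_user: str, path: str) -> str:
    """Fixed: the record must belong to the authenticated user. A foreign id
    gets the same NotFound as a missing one, so responses do not reveal
    which ids exist."""
    tid = parse_transcript_id(path)
    rec = TRANSCRIPTS.get(tid)
    if rec is None or rec.owner != session_user:
        raise NotFound(path)
    return rec.body
```

In a real service the ownership check belongs in the data access layer (query by owner and id together), so no handler can forget it.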
