TryHackMe: Neighbour
We have to exploit an IDOR (Insecure Direct Object Reference) vulnerability.
As you can see, we land on a login page that asks for credentials, which we don't have.
At the bottom, it asks us to press Ctrl + U, which opens the page source.
As we can see, the credentials for the guest login are given.
http://10.10.***.***/profile.php?user=guest
As you can see, the GET parameter in the URL is user=guest. What if we change the username in the URL?
As mentioned earlier, this challenge is about IDOR, so let's try changing the guest user to admin.
http://10.10.***.***/profile.php?user=admin
Let's type this into the URL bar and hit Enter.
BOOM!!! We got the flag.
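Why changing user=guest to user=admin works, and the server-side check that stops it, shown as an added example that is not the room's actual profile.php. The function names, the user store and the response codes are all assumptions made for illustration.

```php
<?php
// Added example: a hypothetical profile handler, not the room's real source.

// Constructed user store standing in for a database lookup.
function lookup($name): ?array
{
    $profiles = [
        'guest' => ['role' => 'user',  'bio' => 'guest profile'],
        'admin' => ['role' => 'admin', 'bio' => 'admin profile'],
    ];
    return is_string($name) ? ($profiles[$name] ?? null) : null;
}

// Vulnerable pattern: login is checked, but the record is selected purely
// from the client-supplied ?user= value, so any account can be named.
function profile_vulnerable(array $session, array $query): array
{
    if (lookup($session['username'] ?? null) === null) {
        return [401, 'login required'];
    }
    $profile = lookup($query['user'] ?? null);
    return $profile === null ? [404, 'no such user'] : [200, $profile['bio']];
}

// Hardened pattern: identity comes from the server-side session, and the
// parameter is honoured only for the caller's own record or for an admin.
function profile_hardened(array $session, array $query): array
{
    $caller = $session['username'] ?? null;
    $self = lookup($caller);
    if ($self === null) {
        return [401, 'login required'];
    }
    $target = $query['user'] ?? $caller;
    if ($target !== $caller && $self['role'] !== 'admin') {
        return [403, 'forbidden']; // worth logging: session user != requested user
    }
    $profile = lookup($target);
    return $profile === null ? [404, 'no such user'] : [200, $profile['bio']];
}

// Constructed session: logged in as guest, as in the walkthrough.
$session = ['username' => 'guest'];
foreach (['guest', 'admin'] as $requested) {
    [$v] = profile_vulnerable($session, ['user' => $requested]);
    [$h] = profile_hardened($session, ['user' => $requested]);
    printf("user=%s vulnerable=%d hardened=%d\n", $requested, $v, $h);
}
```

With the guest session, the vulnerable handler returns 200 for both requests, while the hardened one returns 200 for user=guest and 403 for user=admin.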
Thanks to TryHackMe for providing such an awesome cybersecurity practice platform ❤️.