OWASP Security Shepherd Project - Insecure Direct Object Reference 2 (Insecure Direct Object Reference Challenge)
Challenge Solution The same as challenge1 , let's click the button and check the HTTP request. By searching online, we could find that the userId is MD5 value of 2,3,5,7,11. It seems that those numbers are all prime numbers. Let's try the nearest prime number -> 13 and MD5 it -> c51ce410c124a10e0db5e4b97fc2af39 . Here comes the result key : P