
During recon, you see GET /api/users/{id}/albums and Swagger at /openapi.json. What is the best first step to test for IDOR?

• Send requests as admin and compare payloads
• Replace {id} with a sequential value you don't own while using a normal user token
• Remove the token entirely and expect 401
• Increase limit=10000 to check rate limiting
