Hello,
First off, thank you for creating this content! While going through the broken access control labs, specifically IDOR (Change Secret), I saw that there are different levels of difficulty. Low security was trivial, then medium security was a random number sha1'd (found by looking at the server's source). I believe the intent for medium/hard on that challenge is to use SQLi (could definitely be mistaken).
My suggestion is that in the event of varying levels of difficulty, lab guides should specify to what degree BCU expects us to complete them, i.e. low and medium, all levels, or just low, etc...
Thank you again, I'm looking forward to the upcoming sections!
~epi