Hello,
First off, thank you for creating this content! While going through the broken access control labs, specifically IDOR (Change Secret), I saw that there are different levels of difficulty. Low security was trivial, then medium security was a random number sha1'd (found by looking at the server's source). I believe the intent for medium/hard on that challenge is to use SQLi (could definitely be mistaken).
My suggestion is that in the event of varying levels of difficulty, lab guides should specify to what degree BCU expects us to complete them, i.e. low and medium, all levels, or just low, etc.
Thank you again, I'm looking forward to the upcoming sections!
~epi