Bola Lab2

Posted on September 7, 2023 by in

Broken Object Level Authorization Lab 1

There is another bola vulnerabity Contact Mechanic fucntion, try to find it yourself

Here is my writeup
Firstly open case with contact mechanic and capture it with burp suite then analyze request and response

capture report_id request

add jwt token to the requets

Chnage id value next request and prove bola vulnerability