Lab 108 — CostPilot — IDOR via Deprecated v1 API Endpoint

hackadvisor

Task: expense management platform migrated from v1 (numeric IDs) to v2 (UUID-based) API, with deprecated v1 endpoints still partially active. Solution: discover API versioning via X-API-Version header, enumerate /api/v1/expenses/{id} with sequential numeric IDs to access another user's confidential expenses containing the flag.

idor honeypot broken_access_control api_versioning uuid decoy_flag sequential_id deprecated_endpoint expense_management numeric_id

idor_exploitationsequential_id_enumerationhoneypot_detectionapi_version_enumerationdeprecated_endpoint_discoveryresponse_header_analysis

$ ls tags/ techniques/

idor honeypot broken_access_control api_versioning uuid decoy_flag sequential_id deprecated_endpoint expense_management numeric_id

idor_exploitationsequential_id_enumerationhoneypot_detectionapi_version_enumerationdeprecated_endpoint_discoveryresponse_header_analysis

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 99 — CashPilot — IDOR in Team Member Management— hackadvisor
[web][Pro]Lab 104 — CloudOps Copilot — AI SSRF via Infrastructure Tool Abuse— hackadvisor
[web][Pro]Lab 116 — InsightForge — IDOR via Undocumented Internal API— hackadvisor
[web][Pro]Lab 217 — PlanForge — Broken Authorization in Subscription Upgrade— hackadvisor
[web][Pro]Lab 115 — PulseChat — IDOR in Attachment Download— hackadvisor