Portswigger: User ID controlled by request parameter, with unpredictable user IDs Writeup
This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs. To solve the lab, find the GUID for carlos, then submit his API key as the solution. You can log in to your own account using the following credentials: wiener:peter Lab link. Login with the given username and password. …