# \[Day 14] Web Applications

Today I am reviewing the OWASP Top 10 vulnerabilities, specifically the IDOR (Insecure Direct Object Reference) vulnerability. First I log into the web application with the given credentials.

![](https://850580359-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSqAgfe92W3tM8LBhIHHu%2Fuploads%2Ftr0B9b2IpERbRmxdPWWe%2Fimage.png?alt=media\&token=34923f24-5dfc-4830-a467-d4a7af40e262)

Next, I increment the values in the URL.

![](https://850580359-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSqAgfe92W3tM8LBhIHHu%2Fuploads%2F7xa9T4UGMvhrNjHTrzTP%2Fimage.png?alt=media\&token=28a5debc-411c-4cc0-a58d-8e0dbbe3fa75)

Once I find that flag I inspect the webpage and find an `/images` directory. I paste that path into the browser and increment/decrement the values in the URL. I am then granted the flag for this challenge.

![](https://850580359-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSqAgfe92W3tM8LBhIHHu%2Fuploads%2FGgNzoAQcnDwmAHHuYxsE%2Fimage.png?alt=media\&token=2a8764a7-c629-4d9d-9e9f-0f217e5e173e)

Here is my sad drawing that illustrates the IDOR vulnerability being used across different folders of the web application. Since we cannot retrieve the flag from the same directory, we have another known directory, `/images`, found by inspecting the webpage.

![](https://850580359-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSqAgfe92W3tM8LBhIHHu%2Fuploads%2FaSNsIXo8uFSV5XNM2tbM%2Fimage.png?alt=media\&token=f2058949-9057-4478-8e77-9cd6494c1794)
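The following Python block is an added example and is not part of this writeup or of the TryHackMe challenge. It models the pattern the room demonstrates: a lookup that trusts the numeric id in the URL next to the same lookup with object-level authorization, a regression check that replays the "increment the value in the URL" step against either handler, and a detector that flags sessions walking consecutive ids in access logs. The users, ids, office numbers, log lines and function names (`get_profile_vulnerable`, `get_profile_fixed`, `probe_sequential_ids`, `detect_id_walking`) are all constructed for illustration.

```python
"""
Added example (not from the original writeup): a self-contained model of the
IDOR pattern from the Day 14 challenge. All users, ids, office numbers and
log lines below are constructed sample data.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    profile_id: int
    owner: str          # username allowed to view this record
    office_number: str  # constructed value, not the challenge's answer


# Constructed stand-in for the challenge's sequentially numbered profile pages.
PROFILES = {
    101: Profile(101, "alice", "A-1"),
    102: Profile(102, "bob", "B-2"),
    103: Profile(103, "carol", "C-3"),
}


class AccessDenied(Exception):
    """Raised for both 'no such record' and 'not your record'."""


def get_profile_vulnerable(requester: str, profile_id: int) -> Profile:
    """IDOR: the id from the URL is used directly; the requester is never checked."""
    if profile_id not in PROFILES:
        raise AccessDenied(profile_id)
    return PROFILES[profile_id]


def get_profile_fixed(requester: str, profile_id: int) -> Profile:
    """Object-level authorization: the record must belong to the requester.
    Missing and foreign records raise the same error so the response does not
    confirm which ids exist."""
    profile = PROFILES.get(profile_id)
    if profile is None or profile.owner != requester:
        raise AccessDenied(profile_id)
    return profile


def probe_sequential_ids(handler, requester: str, start: int, stop: int) -> list[int]:
    """Regression check for the fix: request ids in [start, stop) as `requester`
    and return the ids whose records came back. Against a correct handler this
    contains only the requester's own records."""
    returned = []
    for pid in range(start, stop):
        try:
            handler(requester, pid)
            returned.append(pid)
        except AccessDenied:
            pass
    return returned


# Constructed access-log lines: session s1 walks consecutive ids, s2 does not.
SAMPLE_LOG = """\
2022-12-14T10:00:01Z sess=s1 GET /profile?id=101 200
2022-12-14T10:00:02Z sess=s1 GET /profile?id=102 200
2022-12-14T10:00:03Z sess=s1 GET /profile?id=103 200
2022-12-14T10:00:04Z sess=s1 GET /profile?id=104 200
2022-12-14T10:00:05Z sess=s2 GET /profile?id=102 200
2022-12-14T10:00:09Z sess=s2 GET /images/102.jpg 200
"""

LOG_RE = re.compile(r"sess=(?P<sess>\S+) GET /profile\?id=(?P<id>\d+) ")


def detect_id_walking(log_text: str, min_run: int = 3) -> dict[str, int]:
    """Flag sessions whose profile requests contain a run of at least `min_run`
    consecutive ids. Returns {session: longest consecutive run} for flagged
    sessions only."""
    ids_by_session: dict[str, set[int]] = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            ids_by_session[m["sess"]].add(int(m["id"]))
    flagged = {}
    for sess, ids in ids_by_session.items():
        longest = run = 0
        prev = None
        for pid in sorted(ids):
            run = run + 1 if prev is not None and pid == prev + 1 else 1
            longest = max(longest, run)
            prev = pid
        if longest >= min_run:
            flagged[sess] = longest
    return flagged


if __name__ == "__main__":
    print("vulnerable:", probe_sequential_ids(get_profile_vulnerable, "alice", 100, 106))
    print("fixed:     ", probe_sequential_ids(get_profile_fixed, "alice", 100, 106))
    print("flagged:   ", detect_id_walking(SAMPLE_LOG))
```

Run as a script it shows the vulnerable handler returning every existing record to `alice`, the fixed handler returning only her own, and the detector flagging session `s1`. The same fix applies to the `/images` path in the writeup: whatever serves a file by number must apply the same ownership check as the profile page, because an id that is protected in one handler and not in another is exactly what the challenge exploits.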

## Flags

### What is the office number of Elf Pivot McRed?

134

### Not only profile pages but also stored images are vulnerable. Start with a URL of a valid profile image; what is the hidden flag?

`THM{CLOSE_THE_DOOR}`
