Room Link: Love Letter Locker
Let’s visit the website and analyse the interface.
we have sign in and login buttons as always we will register and new account.
let’s login now and find write a new letter
and let’s open it now
here in this link you can notice that the 3 in the link matches the letter number as well, so let’s try to change it and try to read the other letters.
and here we go there is an Insecure Direct Object Reference(IDOR) vulnerability in this website.
change the link number to 1 and you can see that we found out the flag.