https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice/access-control-apprentice/access-control/lab-user-id-controlled-by-request-parameter-with-unpredictable-user-ids
Solution
1. Find a blog post by carlos.
2. Click on carlos and observe that the URL contains his user ID. Make a note of this ID.
3. Log in using the supplied credentials and access your account page.
4. Change the "id" parameter to the saved user ID.
5. Retrieve and submit the API key.
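The steps above succeed because the account page trusts the "id" parameter: an unpredictable ID is only hard to guess, not hard to learn once it appears in a blog author link. The following added example (not code from the lab or the original page; every name, key and record in it is constructed) puts a handler with that flaw beside one that checks the requested ID against the logged-in session.

```python
import uuid

# Constructed sample data: two accounts keyed by unpredictable GUIDs.
USERS = {
    str(uuid.uuid4()): {"username": "wiener", "api_key": "constructed-key-wiener"},
    str(uuid.uuid4()): {"username": "carlos", "api_key": "constructed-key-carlos"},
}


def user_id_of(username):
    """Look up the GUID for a username in the constructed USERS table."""
    return next(uid for uid, u in USERS.items() if u["username"] == username)


# Constructed blog data: the author link carries the author's GUID, so the
# "unpredictable" identifier is disclosed to every reader of the post.
BLOG_POSTS = [{"title": "Sample post", "author_id": user_id_of("carlos")}]


class Forbidden(Exception):
    """Raised when the caller may not view the requested account."""


def account_page_vulnerable(session_user_id, requested_id):
    """Flawed: requires a login, then serves whichever account 'id' names."""
    if session_user_id is None:
        raise Forbidden("login required")
    return USERS[requested_id]


def account_page_hardened(session_user_id, requested_id):
    """Fixed: the requested id must equal the id bound to the session."""
    if session_user_id is None or requested_id != session_user_id:
        raise Forbidden("not your account")
    return USERS[session_user_id]


if __name__ == "__main__":
    me = user_id_of("wiener")
    leaked = BLOG_POSTS[0]["author_id"]
    print("vulnerable:", account_page_vulnerable(me, leaked)["username"])
    try:
        account_page_hardened(me, leaked)
    except Forbidden as exc:
        print("hardened: refused,", exc)
```
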
PortSwigger Lab: User ID controlled by request parameter, with unpredictable IDs