Today I found an interesting IDOR vulnerability.

Steps:

  1. Intercept request
  2. Change user ID
  3. Access another account
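
The missing server-side check behind these steps, as an added example (not code from the original post): a handler that trusts the user ID sent in the request, beside one that compares it with the authenticated session and logs the mismatch. The account store, session tokens and function names are constructed for illustration.

```python
# Constructed sample data: account records keyed by user ID.
ACCOUNTS = {
    101: {"owner": "alice", "email": "alice@example.test"},
    102: {"owner": "bob", "email": "bob@example.test"},
}

# Constructed sample sessions: session token -> authenticated user ID.
SESSIONS = {"tok-alice": 101, "tok-bob": 102}


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


def get_account_vulnerable(session_token, requested_user_id):
    """Authenticates the caller but never checks that the requested ID is theirs."""
    if session_token not in SESSIONS:
        raise Forbidden("not authenticated")
    # Bug: the ID comes straight from the request and is trusted as-is.
    return ACCOUNTS[requested_user_id]


def get_account_hardened(session_token, requested_user_id, audit_log):
    """Authorizes per object: the requested ID must match the session's user."""
    caller_id = SESSIONS.get(session_token)
    if caller_id is None:
        raise Forbidden("not authenticated")
    if requested_user_id != caller_id:
        # Record the mismatch so repeated ID tampering is visible to detection.
        audit_log.append({"caller": caller_id, "requested": requested_user_id})
        raise Forbidden("not authorized for this account")
    return ACCOUNTS[caller_id]


def demo():
    """Returns (vulnerable result, hardened outcome, audit log) for a tampered ID."""
    log = []
    leaked = get_account_vulnerable("tok-alice", 102)
    try:
        get_account_hardened("tok-alice", 102, log)
        outcome = "allowed"
    except Forbidden:
        outcome = "denied"
    return leaked["owner"], outcome, log


if __name__ == "__main__":
    print(demo())
```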