# CopyPasta

Level: Easy\
Points: 10\
Type: Daily Challenge

Lab Interface

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FqqjIhUhta23gyzB3z1dE%2Fimage.png?alt=media&#x26;token=b5b41cf3-52a2-4189-b827-1d2f0fb14d16" alt=""><figcaption></figcaption></figure>

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FrBMVP0pzoMSIwYRgaLJe%2Fimage.png?alt=media&#x26;token=d17622de-62e3-4082-98f4-f9f34400dec2" alt=""><figcaption></figcaption></figure>

We have option to create new snippet

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FMIGNR0YG83bpsSLBqkMk%2Fimage.png?alt=media&#x26;token=030487c9-3906-42cd-abc2-ccf9a7e7c1b7" alt=""><figcaption></figcaption></figure>

Key thing here is the ability to make our new snippet private/public. This feature gives us idea about possible IDOR vuln.

To check this, I created another account. In the 1st account I created a private snippet and from 2nd account I was able to view it.

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FQsh2w8E3sFeGTbHtOcWe%2Fimage.png?alt=media&#x26;token=8797f096-720c-4e81-97e3-f1f5cfbf9cea" alt=""><figcaption></figcaption></figure>

```
bug{8i9A3cgr4kq2FOgDGGjhBKcayrZUuhsS}
```