Chapter 2 Assignment

Exploit + patch an IDOR

The brief

In a fresh Grit project, create two users (A and B) and one note owned by A. As B, attempt to PATCH and DELETE A's note. Document the exploit, then add the authorization check. Re-test: both requests must now return 403.

You've completed this when

  • Exploit works initially (proves the bug)
  • After patch, returns 403
  • Test added so a regression fails CI
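The brief and the completion criteria above, as a framework-agnostic sketch added here (this is not the Grit project's own code): the same note store with ownership enforcement switched off reproduces the IDOR, switched on it returns 403, and the regression test pins that behaviour. The names NoteStore, patch, delete and seeded are assumed for illustration.

```python
# Added example, not from the Grit project. Models the assignment's IDOR:
# an object-level write that never compares the requester to the owner.
from dataclasses import dataclass, field

OK, FORBIDDEN, NOT_FOUND = 200, 403, 404

@dataclass
class Note:
    id: int
    owner: str
    body: str

@dataclass
class NoteStore:
    notes: dict = field(default_factory=dict)
    # False reproduces the bug: any authenticated user can edit any note.
    enforce_ownership: bool = True

    def _authorize(self, actor, note_id):
        """Object-level check: the note must exist and belong to the actor."""
        note = self.notes.get(note_id)
        if note is None:
            return NOT_FOUND, None
        if self.enforce_ownership and note.owner != actor:
            return FORBIDDEN, None
        return OK, note

    def patch(self, actor, note_id, body):
        status, note = self._authorize(actor, note_id)
        if status == OK:
            note.body = body
        return status

    def delete(self, actor, note_id):
        status, _ = self._authorize(actor, note_id)
        if status == OK:
            del self.notes[note_id]
        return status

def seeded(enforce_ownership=True):
    """Constructed fixture: users A and B, one note (id 1) owned by A."""
    store = NoteStore(enforce_ownership=enforce_ownership)
    store.notes[1] = Note(1, "A", "A's private note")
    return store

def test_cross_user_write_is_forbidden():
    """Regression test: fails CI if the ownership check is ever removed."""
    store = seeded()
    assert store.patch("B", 1, "tampered") == FORBIDDEN
    assert store.delete("B", 1) == FORBIDDEN
    assert store.notes[1].body == "A's private note"   # untouched
    assert store.patch("A", 1, "edited by owner") == OK  # owner still works
```

The brief's 403 is kept here; some APIs return 404 for another user's object instead, so that the response does not confirm the id exists.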

Worked through every criterion?

Push your code to GitHub, paste the link in your notes.md, and move on.

Continue to ch.3: Injection & SSRF