Mirage Track

Level 6 → Level 7

Other People's Objects
350 pts+50 first-blood bonus

Objective

Parcelo. Object references with no ownership check — read the shipments that aren't yours (IDOR/BOLA).

How to play

Open the target in your browser, find the flaw, and exploit it. On success the page reveals the login for the next level — that password is this level's flag. Submit it on the track page (or /submit) to bank the points.

Target

Log in as l6 with the password you captured on the previous level, then:
https://mirage-l6.breachlab.org
Open target ↗
🩸
First Blood captured by
ACTIVE RECORD