From ddf80dbdd70d6d2656c8def15728fb171f4ebb69 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+MD15@users.noreply.github.com> Date: Wed, 9 Sep 2020 22:01:15 +0700 Subject: [PATCH] IDOR [4] Add 1 IDOR tips --- IDOR.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/IDOR.md b/IDOR.md index c337f63..436294d 100644 --- a/IDOR.md +++ b/IDOR.md @@ -100,4 +100,13 @@ GET /graphql.php?query= [...] ``` +10. MFLAC (Missing Function Level Access Control) +``` +GET /admin/profile +``` +Try this to bypass +``` +GET /ADMIN/profile +``` + Source: [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup!
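Review bot: The new item 10 lists the two requests (`GET /admin/profile`, then `GET /ADMIN/profile`) with only "Try this to bypass" between them, so a reader cannot tell what result counts as a finding or why the case change is relevant. Suggest stating that the first request is expected to be denied and that the check is whether the upper-cased path returns the same page, which would point to an access rule that compares the path case-sensitively while the route does not. A one-line fix note would help too, for example to normalize the path before the authorization check or to enforce the check in the handler itself. Separately, Missing Function Level Access Control concerns access to a function rather than to an object reference, so either add a sentence on why it belongs in IDOR.md or move it to its own file. The "Source:" line is unchanged context here, so the new tip has no attribution of its own; add one if it comes from a different writeup.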