This repository contains my personal write-ups for Root-Me web challenges. The goal is to document my learning process and methodology while practicing web application security. The main focus is on access control issues such as IDOR, broken authorization, and related web vulnerabilities.
- web-client/
  - idor-basic/
    - writeup.md
- web-server/
  - access-control/
    - writeup.md
For each challenge, I follow a simple and consistent approach:
- Understand the application logic and user roles
- Identify user-controlled inputs and objects
- Test authorization and access control boundaries
- Document findings with clear reproduction steps and impact analysis
All write-ups are for educational purposes only. The challenges are hosted by Root-Me and solved in a legal and authorized environment.