GitHunt
DA

Dallihunter/root-me-web-writeups

Web security practice through Root-Me challenges, with detailed write-ups.

api-securityauthorizationbroken-access-controlch88ctfidorowasp-top-10pentestingroot-mesecurity-writeupsswagger-apiweb-security

Root-Me Web Challenge Write-ups

This repository contains my personal write-ups for Root-Me web challenges.
The goal is to document my learning process and methodology while practicing web application security.
The main focus is on access control issues such as IDOR, broken authorization, and related web vulnerabilities.

Repository Structure

  • web-client/
    • idor-basic/
      • writeup.md
  • web-server/
    • access-control/
      • writeup.md

Methodology

For each challenge, I follow a simple and consistent approach:

  • Understand the application logic and user roles
  • Identify user-controlled inputs and objects
  • Test authorization and access control boundaries
  • Document findings with clear reproduction steps and impact analysis

Disclaimer

All write-ups are for educational purposes only.
The challenges are hosted by Root-Me and solved in a legal and authorized environment.

Contributors

DA
Created January 6, 2026
Updated January 24, 2026