🦕 idor

IDOR - Cheat Sheet

Parameters

http://foo.bar/somepage?invoice=12345

http://foo.bar/changepassword?user=someuser

http://foo.bar/showImage?img=img00011

http://foo.bar/accessPage?menuitem=12

https://www.example.com/settings/user/8201

Hunt For IDOR

Basic Steps

1. Create two accounts if possible, or else enumerate users first.
2. Check whether the endpoint is private or public and whether it contains any kind of id param.
3. Try changing the param value to another user's and see if it does anything to their account.
4. Done!
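The following is an added example and not part of the cheat sheet: an in-memory model of the `?invoice=12345` endpoint above, once as a classic IDOR (authentication without an ownership check) and once with the ownership check that fixes it, plus the two-account check from the basic steps written as a regression test a developer can run against their own handler. The users alice and bob, the `INVOICES` and `SESSIONS` tables, and the function names are all constructed for this illustration.

```python
# Added example, not from the cheat sheet. All data and names below
# (INVOICES, SESSIONS, alice/bob, the handler names) are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: str


# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    12345: Invoice(12345, "alice", "EUR 120.00"),
    12346: Invoice(12346, "bob", "EUR 75.50"),
}

# Constructed session table: session token -> authenticated username.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


class Unauthorized(Exception):
    """No valid session: the caller is not logged in at all."""


class NotFound(Exception):
    """Invoice does not exist, or (in the fixed handler) is not the caller's."""


def current_user(session_token):
    """Authentication only: who is the caller? Says nothing about what they may see."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise Unauthorized("no valid session")
    return user


def get_invoice_vulnerable(session_token, invoice_param):
    """IDOR: requires a login, then trusts the id parameter completely.
    Any logged-in user can read any invoice just by changing the number."""
    current_user(session_token)  # authenticated, but the identity is never used
    try:
        return INVOICES[int(invoice_param)]
    except (KeyError, ValueError):
        raise NotFound(invoice_param)


def get_invoice_fixed(session_token, invoice_param):
    """Same endpoint with an ownership check tied to the authenticated user."""
    user = current_user(session_token)
    try:
        invoice = INVOICES.get(int(invoice_param))
    except ValueError:
        invoice = None
    # One 404 for both "missing" and "not yours": the response then does not
    # confirm to the caller that other users' invoice ids exist.
    if invoice is None or invoice.owner != user:
        raise NotFound(invoice_param)
    return invoice


def cross_account_leaks(handler):
    """Step 3 of the cheat sheet as a regression test: with two accounts, ask
    the handler for every invoice that belongs to the *other* user and record
    what it returned. Returns {requesting_user: [leaked invoice ids]}."""
    leaks = {}
    for token, user in SESSIONS.items():
        leaks[user] = []
        for inv in INVOICES.values():
            if inv.owner == user:
                continue  # the user's own data; returning it is not an IDOR
            try:
                handler(token, str(inv.invoice_id))
            except NotFound:
                continue  # correctly refused
            leaks[user].append(inv.invoice_id)
    return leaks


if __name__ == "__main__":
    print("vulnerable:", cross_account_leaks(get_invoice_vulnerable))
    print("fixed:     ", cross_account_leaks(get_invoice_fixed))
```

The point of the model is that `current_user` alone is not an authorization check: the vulnerable handler proves the caller is logged in and then hands over whatever id was asked for, which is exactly what steps 2 and 3 detect. The fix compares the record's owner with the authenticated identity on every request, and `cross_account_leaks` is the kind of test you can keep in a suite so the check does not silently disappear in a later refactor. Whether "not yours" returns 404 (as here) or 403 is a design choice; the 404 variant avoids confirming which ids exist.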
