// Challenge 03 / 05
The
Accountant
This internal invoicing system allows users to retrieve financial records through an API by providing an invoice ID. The application is part of an internal finance dashboard where different users have access to different invoices.
Objective: Retrieve an invoice that is not intended
to be accessible. Investigate how access to invoice data is controlled
and obtain the hidden flag from a restricted resource.