07 Lab: User ID controlled by request parameter with data leakage in redirect