[Pentester Academy] Web Application Security Challenge 10

First I Intercepted the request using Burp Proxy…

then response say’s to set session-id value to  1049 ………i request the page many times but it only responded with session -id between 1000-1100 …

so i used burp intruder and payload as the session-id value from 1000 to 1100and finally i found