# IDOR

### \[#] IDOR Example :

* If you log in at the URL [`http://online-service.thm/profile?user_id=1305`](http://online-service.thm/profile?user_id=1305), change the id to 1000, and can now access the account of user 1000, then it is an IDOR vulnerability.

## `1]` Finding IDORs in Encoded IDs :

<figure><img src="https://2855293502-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjpZ0GSi6rFzKo8D8arzs%2Fuploads%2F2oiOTBG8bY1hmAfCA1a7%2Fimage.png?alt=media&#x26;token=15156a47-08ea-48c8-9f9f-68644323eaad" alt=""><figcaption></figcaption></figure>

* When data is passed over the web, the raw data, query strings, or cookies are first encoded and then sent.
* Encoding is mostly done in `BASE64`; for passing credentials and parameters, `Hashing` can also be used.
* [https://crackstation.net/](https://crackstation.net/) for hash database matching.
* <https://www.base64decode.org/> for Base64 encoding and decoding.

## 2] **Unpredictable IDs & Where are they located?**

* The vulnerable endpoint you're targeting may not always be something you see in the address bar. It could be content your browser loads in via an AJAX request or something that you find referenced in a JavaScript file. You can compare the URLs of two logged-in accounts.

* For example, you may notice a call to **/user/details** displaying your user information (authenticated through your session). But through an attack known as parameter mining, you discover a parameter called user\_id that you can use to display other users' information, for example, **/user/details?user\_id=123**.

## 3] EXAMPLE :

* Here I logged in to my account and went to the YOUR\_ACCOUNT tab. When the YOUR\_ACCOUNT page opens, we can see that my username and email are preloaded in this page.
* This means this page is getting this data from somewhere, with my account id or some other reference number feeding into the YOUR\_ACCOUNT page fields.![](https://2855293502-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjpZ0GSi6rFzKo8D8arzs%2Fuploads%2FtsmCAl0NUA7gUQRb5sY2%2Fimage.png?alt=media\&token=ac59ac04-20e2-47cf-a43b-c83c161bc4bf)
* When we go to the NETWORK TAB in developer tools and refresh the page, we see HTTP REQUESTS, one of which is `customer?id=15`, meaning the data for id=15 is being fetched for this page by the web server.

<figure><img src="https://2855293502-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjpZ0GSi6rFzKo8D8arzs%2Fuploads%2FbLUYFuc9fvCXMCz8smxB%2Fimage.png?alt=media&#x26;token=35fd570b-a39b-442a-abf7-0e2886677a48" alt=""><figcaption></figcaption></figure>

* Double clicking on it will take you to the JSON panel ![](https://2855293502-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjpZ0GSi6rFzKo8D8arzs%2Fuploads%2FcDF2rQhRfsOWkp8xoouP%2Fimage.png?alt=media\&token=eefcd418-ba0f-4718-aa2e-d85619710695). Here we can tamper with the URL => ![](https://2855293502-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjpZ0GSi6rFzKo8D8arzs%2Fuploads%2FlcoB3vh0SE4K7FNPmPVm%2Fimage.png?alt=media\&token=9324fb6b-de0d-46c3-bccf-52e980b601e1)
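
The server-side fix for a request like `customer?id=15`, and the reason a Base64-encoded id (section 1) adds no protection, shown as an added example that is not part of the original notes. The function names, the sample records and the assumption that one session maps to one customer id are all hypothetical.

```python
import base64
import binascii

# Constructed sample data: customer records keyed by numeric id.
CUSTOMERS = {
    15: {"id": 15, "username": "alice", "email": "alice@example.test"},
    16: {"id": 16, "username": "bob", "email": "bob@example.test"},
}


def decode_id(raw):
    """Accept a plain integer id or a Base64-encoded one; return int or None."""
    if raw.isascii() and raw.isdigit():
        return int(raw)
    try:
        text = base64.b64decode(raw, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return int(text) if text.isdigit() else None


def get_customer_vulnerable(session_user_id, raw_id):
    """IDOR: returns whatever record the client names; the session is ignored."""
    record = CUSTOMERS.get(decode_id(raw_id))
    return (200, record) if record else (404, None)


def get_customer_hardened(session_user_id, raw_id):
    """Serve the record only when it belongs to the authenticated session."""
    requested = decode_id(raw_id)
    if requested is None:
        return (400, None)
    # Object-level authorization: the id in the request must match the
    # identity held in the server-side session. The check runs before the
    # lookup, so existing and non-existing foreign ids both return 403.
    if requested != session_user_id:
        return (403, None)
    record = CUSTOMERS.get(requested)
    return (200, record) if record else (404, None)
```

Encoding only changes how the id looks on the wire; the ownership comparison in `get_customer_hardened` is what closes the hole.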

