🤨IDOR

IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability. This type of vulnerability can occur when a web server receives user-supplied input to retrieve objects

[#] IDOR Example :

• if you login to url http://online-service.thm/profile?user_id=1305, and change id=1000 , and now you can access the account of user 1000 . Then it is a IDOR vulnerability.

1] Finding IDORs in Encoded IDs :

• When data is passed through web , the raw data, query strings, or cookies are first encoded and then sent.

• Encoding is mostly done in BASE64 and For passing credentials and parameters Hashing also can be used.

• https://crackstation.net/ For HASH Database matching.

• https://www.base64decode.org/ For Base64 encoding & decoding .

2] Unpredictable IDs & Where are they located?

• The vulnerable endpoint you're targeting may not always be something you see in the address bar. It could be content your browser loads in via an AJAX request or something that you find referenced in a JavaScript file. Can compare 2 account logged-in URL.

• For example, you may notice a call to /user/details displaying your user information (authenticated through your session). But through an attack known as parameter mining, you discover a parameter called user_id that you can use to display other users' information, for example, /user/details?user_id=123.

3] EXAMPLE :

• Here i logged-in my account and gone to YOUR_ACCOUNT tab , When YOUR_ACCOUNT page opens we can see that my username , email are preloaded in this page.

• This means this page is getting this data from somewhere with my account id OR some other reference number are feeding into YOUR_ACCOUNT page fields.

• When we go to NETWORK TAB in developer tools and refresh the page , we see HTTP REQUESTS , one of which is customer?id=15 meaning id=15 data is being fetch for this page by webserver.

• Double clicking on it will take you to JSON panel .. Here we can tamper the URL -=>