IDOR is one of the common vulnerabilities found in bug bounty websites. Let's see how to easily catch them.
If you are not familiar with IDOR, then here is a quick refresher.
IDOR (insecure direct object reference) is a type of access control vulnerability in which the system uses user-supplied input to access objects or resources directly. IDOR arises when a user can modify the reference used to access an internal object or resource and, by doing so, reach one that should be restricted to a different user.
Let me put it in simple words with an example.
Let’s say that a school system uses a student’s unique number to retrieve personal information about that student. If a student provides a different unique number and retrieves info about a different student, it is an example of IDOR. Normally, the system will limit each user's access to their own information. When it doesn’t, an IDOR vulnerability arises.
Let me tell you two of the most used extensions in finding IDOR.
Autorize, a free-to-use Burp extension, could be the most popular tool when it comes to finding IDOR. Finding IDOR is a time-consuming task, as you should check every resource present on the website. You should request the resources of a high-privileged user with the cookie details of a low-privileged one, and Autorize helps you do just that easily.
How to use it to find IDOR?
The Autorize extension makes it easy to request resources as users with different privileges. Without this extension, you’d have to manually change the cookie details in the browser. So this extension should be in your tool belt if you are looking for IDOR.
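The school example and the owner-versus-other-user comparison described above, written as an authorization regression test. This is an added example, not code from Autorize or from the original post; the record store, cookie values and function names are constructed for illustration.

```python
# Constructed sample data: student number -> record, session cookie -> student number.
RECORDS = {
    1001: {"name": "Asha", "grade": "A"},
    1002: {"name": "Ben", "grade": "C"},
}
SESSIONS = {"cookie-asha": 1001, "cookie-ben": 1002}


def get_record_vulnerable(cookie, student_no):
    """IDOR: the session is validated, but the requested number is trusted as-is."""
    if cookie not in SESSIONS:
        return 401, None
    record = RECORDS.get(student_no)
    return (200, record) if record else (404, None)


def get_record_checked(cookie, student_no):
    """Fixed: the requested record must belong to the student who owns the session."""
    owner = SESSIONS.get(cookie)
    if owner is None:
        return 401, None
    if student_no != owner:
        return 403, None  # object-level authorization check
    record = RECORDS.get(student_no)
    return (200, record) if record else (404, None)


def audit(handler):
    """For every record, compare the owner's response with the response each
    other logged-in user gets for the same student number."""
    findings = {}
    for owner_cookie, owner_no in SESSIONS.items():
        baseline = handler(owner_cookie, owner_no)
        for other_cookie in SESSIONS:
            if other_cookie == owner_cookie:
                continue
            replay = handler(other_cookie, owner_no)
            # Identical response for a non-owner means access control was bypassed.
            verdict = "bypassed" if replay == baseline else "enforced"
            findings[(other_cookie, owner_no)] = verdict
    return findings


if __name__ == "__main__":
    print("vulnerable:", audit(get_record_vulnerable))
    print("checked:   ", audit(get_record_checked))
```

Running the same audit in a test suite after every change to a handler catches a dropped ownership check before it ships.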
Multi-Account Containers is a free-to-use Firefox extension that lets you have separate tabs for different uses. You can create multiple color-coded Firefox tabs using this extension. When you visit a site using one colored tab, the session data, cookie data, site preferences, and ad-tracking data are kept to tabs of that particular color. This data is not shared with other Firefox tabs. It lets you separate your work, shopping, and personal browsing from each other.
Though this extension does not directly help to find IDOR, it helps to separate cookie data for different users in different colored tabs.
How is it used in IDOR?
You should use this feature in conjunction with the Autorize extension. These two will help you catch the IDOR more easily and quickly.
IDOR is my favorite kind of vulnerability, and I exclusively use only these two extensions in finding it. I have had success in finding IDOR using these two. If you are new to bug bounty, then you should start with finding IDOR using these extensions.