Hey Cyberpunks, I hope you all are doing great in your life. And as you are here, you’ll definitely get to know a new perspective on hunting for IDORs. Stay motivated, keep yourself connected to my words, and I promise that we’ll cover almost everything you need to know about this vulnerability.
Note: I will keep the topic as simple as possible and try to explain it in layman’s language, so that you’ll be able to grasp the roots of the vulnerability, find those bugs in your targets to make them more secure, and earn bounties.
I will use the abbreviation IDOR for Insecure Direct Object Reference.
This is one of the simplest bugs that you can look out for in a web application, and here you are to hunt for the same. IDOR in layman’s language means referring to some other object which we are not authorized or intended to refer to. The process in which you insecurely get access to someone else’s data is basically known as IDOR. The most important requirement for testing this vulnerability is that it requires two accounts.
Now you’ll be like: LOL😂 We know that, Kaps!!! Only then can you refer to someone else’s account.
Ethical Kaps: Okay! Okay! But I have to take care of everyone. 😜
Yes!!!! This is what IDOR is. I’ll not give you any formal definition, as it is available all over the web. I want you to understand the concept and make it stronger.
Enough of theory!!!!!!!! Let’s jump straight into action.😍
Let’s take a simple example to understand this more clearly. Suppose you are accessing a URL like:
Here I noticed the uuid parameter, which looked interesting to me. But it seemed to be encrypted in some form. So, I tried to decrypt it and got to know that it was encrypted in Base64. The value of uuid was 10002. Booommm!!!! And now, when I tried to manipulate the uuid with some other random number, I got access to some other person’s personal info.😍
My Personal Experience:- When I hunted this bug, I had a word with one of the developers to ask for the status. And you’ll be amazed at how he patched it😂. He literally just encoded the plain text to Base64 and said, “I have patched the bug.” You’ll be amazed to know that many developers still consider Base64 a good encryption algorithm. But as hackers we know it’s just like opening a door with our pinky finger. 🤣
Note:- This is one of the easiest bugs, and one that can have huge impact (even Critical), depending on the case. That’s why they are considered gems for beginners.
Let’s say there are two accounts, Account A and Account B. Check all the endpoints where these two accounts are linked to each other. It may be their IDs, permissions, level of access, etc. It may be anything. The point here is to check every endpoint.
The rest depends on your creativity. I never believe in restricting a person to some bullet points. There may be other ways that I haven’t listed; that’s up to you. Use logic and try to be creative.
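To make the Base64 “uuid” example and the two-account check concrete, here is an added example (not code from the original article or from any real target). It models a profile endpoint with constructed data: a vulnerable handler that trusts whatever id the Base64 parameter decodes to, the fixed handler that also checks the record belongs to the logged-in user, and a small two-account test that requests every object owned by Account A while logged in as Account B and reports which ones leak. The user names, record ids, and handler names are all assumptions made up for this example.

```python
import base64
import binascii
from typing import Optional, Tuple

# Constructed sample data for the example: two accounts and the profile
# records they own. Record 10002 is the id from the article's example.
USERS = {"alice": 10002, "bob": 10003}
PROFILES = {
    10002: {"owner": "alice", "email": "alice@example.com"},
    10003: {"owner": "bob", "email": "bob@example.com"},
}


def decode_uuid(param: str) -> Optional[int]:
    """Decode the Base64 'uuid' query parameter back to the numeric id.

    Base64 is an encoding, not encryption: anyone holding the parameter can
    reverse it, so it gives no access control on its own.
    """
    try:
        return int(base64.b64decode(param, validate=True).decode("ascii"))
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def encode_uuid(obj_id: int) -> str:
    """Encode a numeric id the way the hypothetical application does."""
    return base64.b64encode(str(obj_id).encode("ascii")).decode("ascii")


def profile_vulnerable(session_user: str, uuid_param: str) -> Tuple[int, Optional[dict]]:
    """Looks up the record by the supplied id only: no ownership check (IDOR)."""
    obj_id = decode_uuid(uuid_param)
    if obj_id is None:
        return 400, None
    record = PROFILES.get(obj_id)
    if record is None:
        return 404, None
    return 200, record


def profile_fixed(session_user: str, uuid_param: str) -> Tuple[int, Optional[dict]]:
    """Same lookup, but the record must belong to the logged-in user."""
    obj_id = decode_uuid(uuid_param)
    if obj_id is None:
        return 400, None
    record = PROFILES.get(obj_id)
    if record is None or record["owner"] != session_user:
        # 404 rather than 403 so the response does not confirm the id exists.
        return 404, None
    return 200, record


def two_account_check(handler, owner: str, other: str) -> list:
    """The two-account test: every object owned by `owner` is requested while
    logged in as `other`. Returns the ids that `other` could read."""
    leaked = []
    for obj_id, record in PROFILES.items():
        if record["owner"] != owner:
            continue
        status, body = handler(other, encode_uuid(obj_id))
        if status == 200 and body is not None:
            leaked.append(obj_id)
    return leaked


if __name__ == "__main__":
    print("decoded uuid:", decode_uuid("MTAwMDI="))
    print("vulnerable handler leaks:", two_account_check(profile_vulnerable, "alice", "bob"))
    print("fixed handler leaks:", two_account_check(profile_fixed, "alice", "bob"))
```

The fix is the single `record["owner"] != session_user` comparison: the object id stays in the URL, but the server decides access from the session, not from the parameter. The same two-account loop is what you would run against every endpoint that takes an object reference, whether the id is plain, Base64, or something else.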
So, this is it for this article. I hope you enjoyed it. I will come back to you with another beautiful bug. Till then, take care and keep hunting for good. Keep digging and learning new stuff.😎🤞
If you like the content, you can support me over here:- @buymeacoffee.com/ethicalkaps
See you in the next article. Until then, cherish your life. Peace! ❤
You can follow me on Twitter, on Spotify to listen to my writeups, and on Instagram.