Explanation of a simple IDOR
#1
Exploiting Insecure Direct Object Reference (IDOR) is a simple yet effective technique that could be very effective, especially in combination with other techniques, e.g. some header manipulation. So, IDOR as an example: we make a request that is http://nordicbank.com/account?id=1234 and we will get the profile of the person's account whose id is 1234. After that we can then send another request, which could be for example http://nordicbank.com/account?id=1235; if there is no authentication on the server side, we would receive the account belonging to id 1235.


Messages In This Thread
Explanation of a simple IDOR - by xoredserpent - 04-10-2022, 04:31 PM
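
The server-side check the post describes as missing, shown as an added example (not part of the original post): a handler that returns whatever id is requested, next to one that ties the lookup to the session's user and logs denials. The account data, session tokens and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    id: int
    owner: str
    balance: str

# Constructed sample data standing in for the application's account table.
ACCOUNTS = {
    1234: Account(1234, "alice", "1,200.00"),
    1235: Account(1235, "bob", "87.50"),
}
# Constructed session store: session token -> authenticated user.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}

def get_account_vulnerable(session_token, account_id):
    """Trusts the id from the query string: any caller gets any account."""
    account = ACCOUNTS.get(account_id)
    if account is None:
        return 404, None
    return 200, account

def get_account_hardened(session_token, account_id, audit_log):
    """Resolves the caller from the session and enforces ownership per object."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None  # caller is not authenticated
    account = ACCOUNTS.get(account_id)
    if account is None or account.owner != user:
        # Same response for "missing" and "not yours", so valid ids are not
        # revealed; the denial is recorded so repeated probing is visible.
        audit_log.append((user, account_id, "denied"))
        return 404, None
    return 200, account

def probing_users(audit_log, threshold=3):
    """Returns users denied on at least `threshold` distinct account ids."""
    denied = {}
    for user, account_id, outcome in audit_log:
        if outcome == "denied":
            denied.setdefault(user, set()).add(account_id)
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)
```
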
