Insecure Direct Object References
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files.
Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object. Such resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user supplied input and uses it to retrieve an object without performing sufficient authorization checks.
How to Test
- Map out all locations in the application where user input is used to reference objects directly.
- The best way to test for direct object references would be by having at least two or more users to cover different own objects and functions.
- The value of a parameter is used directly to retrieve a database record.
- The value of a parameter is used directly to perform an operation in the system.
- The value of a parameter is used directly to retrieve a file system resource.
-
- The value of a parameter is used directly to access application functionality.
This is a vulnerable web page where you can discover a IDOR vulnerability and learn something new techniques
CAUTION: This is an intentionally broken web application. Please do NOT use any real information
In this URL, as you can see here. Here the number has been used for any one profile and here we can consider it as an object.
Let's intercept this page via burp suite and sent to the intruder tab.
The number we have taken as a object will be add mark...so lets hightlight the number and click on add button.
Now what we are doing!! so lets change the payload type thats means we select a numbers in Pyload set and after doing, we will add numbers from 1 to 100 and whatever as you want. okay!!
So in Payload Options[Numbers] we will add a number from 1 and for to 1000 and we will leave the other options as it as.
Finally Click on start attack.
So as you can there's response are 200 thats mean OK!!
We can see that after changing this objective value, the profile is getting changed due to which we are able to visit the profile of other user without login.
Click here for more information
Disclaimer
All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.
- Hacking Truth by Kumar Atul Jaiswal