This article provides an overview of Insecure Direct Object Reference (IDOR) vulnerabilities, exemplifying how attackers can exploit them through user-modifiable requests. It includes practical tasks for detecting IDORs in different contexts, like encoded, hashed, and unpredictable IDs, as well as their common locations within web applications. Affected: online services, web applications
Keypoints :
- IDOR stands for Insecure Direct Object Reference, a type of access control vulnerability.
- IDOR vulnerabilities occur when user input is not properly validated on the server side.
- An example of IDOR is changing a user ID in a URL to access another userβs profile information.
- Common encoding techniques used in web applications include base64 encoding.
- For hashed IDs, MD5 is a commonly used hashing algorithm.
- IDOR detection can be done by creating multiple accounts and swapping IDs to access content.
- Potential IDOR locations may not always be visible in the address bar and can be hidden in AJAX requests or JavaScript files.
- Practical tasks include logging into an account and investigating how user information is retrieved from a server endpoint.
MITRE Techniques :
- T1068: Exploitation for Client Execution β Using URL manipulation to exploit IDOR vulnerabilities to gain unauthorized access to user data.
- T1071.001: Application Layer Protocol: Web Protocols β Using HTTP requests to exploit IDOR by manipulating user IDs in GET parameters.
- T1222: Application Layer Protocol: Web Services β Identifying IDOR vulnerabilities in AJAX requests via unauthorized access.
Indicator of Compromise :
- [URL] http://online-service.thm/profile?user_id=1305
- [URL] http://online-service.thm/profile?user_id=1000
- [Email Address] [email protected]
- [Hash] 202cb962ac59075b964b07152d234b70
- [Flag] THM{IDOR-VULN-FOUND}
Full Story: https://infosecwriteups.com/idor-tryhackme-walkthrough-0a38ddc37694?source=rssβ-7b722bfd1b8dβ4