Hello guys!
Today we are going to talk about a very well known flaw called IDOR. It is a very simple flaw to exploit, and a very dangerous one.
IDOR (Insecure Direct Object Reference) is a vulnerability that could allow unauthorized access to web pages or files. The most common case of IDOR is for an attacker to enumerate a predictable identifier, thereby gaining access to someone else’s data.
Understanding IDOR Vulnerability
A Direct Object Reference is a web application design method in which entity names are used to identify application-controlled resources that are passed in URLs or request parameters.
Generally, IDOR attacks are of two types:
- Body Manipulation. Attackers modify the values of checkboxes, radio buttons and form fields. This lets them access other users' information with ease.
- URL Tampering. The URL is modified on the client side by tweaking the parameters in the HTTP request. Requests using the GET and POST verbs are the ones typically affected by a URL tampering IDOR attack.
IDOR attack
In this pentest, all I had to do was change the id of the “aluno” in the request. This led me to reveal the users’ sensitive data.
Notice the shape of the endpoint: /student/find-by-id/10
Very suggestive, no?! ( ͡~ ͜ʖ ͡~)
By changing the aluno number to 14, we were able to obtain data from other users without authorization.
Conclusion
IDOR is a dangerous vulnerability that can threaten the privacy of your users and the integrity of your application. But it can be reliably prevented by implementing indirect object references and robust access control.
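As an added example (not code from the original post), here is a minimal Python model of the /student/find-by-id/10 style endpoint: the vulnerable lookup beside the two fixes just named, an ownership check and an indirect reference map. The student records, roles, session object and function names are all constructed for the example.

```python
# Added example: a model of the /student/find-by-id/<id> lookup, first as
# described in the post (IDOR), then hardened. All data here is constructed.
from dataclasses import dataclass
from typing import Optional
import secrets

# Constructed sample records, keyed by the sequential database id.
STUDENTS = {
    10: {"name": "Ana", "document": "***.***.***-10"},
    14: {"name": "Bruno", "document": "***.***.***-14"},
}


@dataclass
class Session:
    user: str                 # authenticated login
    role: str                 # "student" or "coord" (staff, may read any record)
    student_id: Optional[int]  # the student record this login owns, if any


class Forbidden(Exception):
    pass


def find_by_id_vulnerable(session: Session, student_id: int) -> dict:
    """The behaviour the post describes: the id from the URL is used directly
    as the lookup key, so changing 10 to 14 returns someone else's record."""
    return STUDENTS[student_id]


def find_by_id_hardened(session: Session, student_id: int) -> Optional[dict]:
    """Robust access control: authorize from the server-side session, not from
    the client-supplied id. The check runs before the lookup so an unauthorized
    probe cannot even learn whether the id exists."""
    if session.role != "coord" and session.student_id != student_id:
        raise Forbidden(f"{session.user} may not read student {student_id}")
    return STUDENTS.get(student_id)


class ReferenceMap:
    """Indirect object reference: hand the client an unguessable token bound to
    this user instead of the database id, and resolve it server-side."""

    def __init__(self) -> None:
        self._tokens: dict = {}

    def issue(self, session: Session) -> str:
        token = secrets.token_urlsafe(16)
        self._tokens[(session.user, token)] = session.student_id
        return token

    def resolve(self, session: Session, token: str) -> int:
        # Keyed by (user, token): another user replaying the token gets nothing.
        try:
            return self._tokens[(session.user, token)]
        except KeyError:
            raise Forbidden("unknown reference") from None
```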
That’s it for today folks, I hope you enjoyed the article and see you next time! =)