IDOR (Insecure Direct Object Reference) leads to listing all valid users and editing their profiles
Hello friends :)
I am happy to write a blog post again after finding an Insecure Direct Object Reference vulnerability in a Drexel University subdomain.
So let's begin. After searching through a lot of subdomains, I found a website where I could create an account and register with an email address.
After creating my account I noticed something in the URL parameters: at the end of the URL there is an ID parameter that identifies the user. I started trying different ID numbers to check whether I could reach other users' profiles and view sensitive information such as email address, name, etc.
And there it was: I was really able to fetch every available user just by changing the ID in the URL, getting their email addresses and names, and I was also able to change their information.
After that I fired up Burp Intruder to enumerate every possible ID number and automate the process, and in the end I had a list of all valid users, including email address and username, along with the ability to change their user information.
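What the writeup describes, as an added example that is not code from the original post or from the affected site: a hypothetical profile endpoint that trusts the `id` parameter in the URL (the IDOR), the same endpoint with an ownership check, and a simulated ID sweep standing in for the Burp Intruder run. The user table, the `Request` shape and the route behaviour are all constructed for illustration; the ids are sequential, which is exactly what makes the sweep trivial.

```python
"""Added example (not from the original post): an IDOR-vulnerable profile
endpoint next to a hardened one, plus an Intruder-style id sweep.
Everything here (app, routes, user records) is hypothetical and constructed."""
from dataclasses import dataclass, field
import copy

# Constructed sample user table. Sequential ids make the sweep trivial.
USERS = {
    1001: {"username": "alice", "email": "alice@example.edu", "name": "Alice Example"},
    1002: {"username": "bob",   "email": "bob@example.edu",   "name": "Bob Example"},
    1003: {"username": "carol", "email": "carol@example.edu", "name": "Carol Example"},
}


def fresh_users():
    """Deep copy of the sample table so edits in one scenario do not leak into another."""
    return copy.deepcopy(USERS)


@dataclass
class Request:
    session_user_id: int                          # authenticated user, from the session cookie
    params: dict = field(default_factory=dict)    # URL parameters, e.g. {"id": "1002"}
    body: dict = field(default_factory=dict)      # form fields for a profile edit


def _parse_id(req):
    try:
        return int(req.params.get("id", ""))
    except ValueError:
        return None


def view_profile_vulnerable(req, users=USERS):
    """GET /profile?id=N as found: the id in the URL is trusted as-is."""
    uid = _parse_id(req)
    if uid not in users:
        return 404, None
    return 200, copy.deepcopy(users[uid])


def update_profile_vulnerable(req, users=USERS):
    """POST /profile?id=N as found: any logged-in user can edit any id."""
    uid = _parse_id(req)
    if uid not in users:
        return 404, None
    users[uid].update(req.body)
    return 200, copy.deepcopy(users[uid])


def _authorize(req, users):
    """Ownership check shared by the fixed handlers.

    Returns the id only if it exists AND belongs to the session user. A missing
    id and someone else's id both yield None, so the caller answers 404 for
    both and the endpoint no longer acts as a "does this user exist" oracle.
    """
    uid = _parse_id(req)
    if uid is None or uid not in users or uid != req.session_user_id:
        return None
    return uid


def view_profile_fixed(req, users=USERS):
    uid = _authorize(req, users)
    if uid is None:
        return 404, None
    return 200, copy.deepcopy(users[uid])


def update_profile_fixed(req, users=USERS):
    uid = _authorize(req, users)
    if uid is None:
        return 404, None
    users[uid].update(req.body)
    return 200, copy.deepcopy(users[uid])


def sweep(handler, attacker_id, id_range, users=USERS):
    """Intruder-style sweep: one logged-in account, every id in the range.
    Returns {id: record} for every id the handler disclosed."""
    found = {}
    for candidate in id_range:
        status, record = handler(Request(attacker_id, {"id": str(candidate)}), users)
        if status == 200:
            found[candidate] = record
    return found


if __name__ == "__main__":
    print("vulnerable: 1001 can read", sorted(sweep(view_profile_vulnerable, 1001, range(1000, 1010))))
    print("fixed:      1001 can read", sorted(sweep(view_profile_fixed, 1001, range(1000, 1010))))
```

The fix is the ownership check, not hiding the id: the fixed handler resolves the object from the session user and returns the same 404 for "not yours" and "does not exist", so a sweep also stops leaking which ids are valid. Switching to random or UUID identifiers only slows enumeration and is no substitute for that check.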
Finally, I submitted this vulnerability to the Drexel University CERT team; they validated it and sent me an acknowledgment letter.
In the end, I hope you enjoyed my writeup and learned something new, and I hope to hear from you soon :) Stay safe and have a nice day :)