THM IDOR - grunt92/IT-Sec-WriteUps GitHub Wiki

What is an IDOR?

What does IDOR stand for?

Insecure Direct Object Reference

An IDOR Example

What is the Flag from the IDOR example website?

Deploy the Site. Click on the order confirmation and on the link given in the mail. After you clicked on the link you can change the number in the URL-bar to 1000 and press "Enter" to get the flag.

THM{IDOR-VULN-FOUND}

Finding IDORs in Encoded IDs

Finding IDORs in Encoded IDs

Base64

Finding IDORs in Hashed IDs

What is a common algorithm used for hashing IDs?

MD5

Finding IDORs in Unpredictable IDs

What is the minimum number of accounts you need to create to check for IDORs between accounts?

2

Where are IDORs located

Read the above.

No answer needed

A Practical IDOR Example

What is the username for user id 1?

Go to the website and register an account (Please don't use your actual credentials). After the account is registered and you are logged in go to "https://IP.p.thmlabs.com/api/v1/customer?id=1".

adam84

What is the email address for user id 3?

Go to "https://IP.p.thmlabs.com/api/v1/customer?id=3".

[email protected]