Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)
Hello Guys!!
This is my first blog post and I am starting with the IDOR vulnerability. In this post you will learn about many endpoints to test for IDOR vulnerabilities! Hope you will like it.
Arbaz Hussain got an invitation to test a private program and find vulnerabilities with his teammates, but he was busy with his work and selected me to test that program. So I would like to thank Arbaz for sharing the site, and thanks to AqeelAsif for teaching me lots of stuff, from which I was able to find 21 valuable vulnerabilities in 2 days in this program and received $3000 in cryptocurrency!!
Recently I conducted a penetration test of a popular social media platform and found a lot of IDOR vulnerabilities.
A direct object reference is likely to occur when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key without any validation mechanism which allows attackers to manipulate these references to access unauthorized data ~ TutorialPoint
https://www.owasp.org/index.php/Top_10_2010-A4-Insecure_Direct_Object_References
Without wasting more time, I am going to write directly about the vulnerabilities I found in that program.
#1. IDOR - Deleting All Posts Of Website
When I posted a status on my timeline and clicked on my post, it redirected me to another page on which I was able to see my post id in the URL.
So after seeing the postid in the URL, I quickly logged in with the Attacker's account and posted on the timeline to check what I could do with this postid.
Improper validation of the postid parameter on the server side leads to deleting all posts on the website remotely, using an IDOR vulnerability at the following endpoint.
Clicking the *Delete the item* option makes the following request to the server.
As you can see, there is an id parameter in the POST data values, which is the unique id of the post. So I tried changing the value from the Attacker's postid to the victim's postid, and it deleted the Victim's post.
Then I thought that if the userid parameter is vulnerable and not validated on the server side, I can find many IDORs... And I was right!! Luckily I was able to find 12 IDOR vulnerabilities.
#2. IDOR - Changing Anyone's Profile Picture
Improper validation of the userid on the server side leads to changing anyone's profile picture remotely, using an IDOR vulnerability at the following endpoint.
Clicking the *Browse* option, selecting an image file and clicking Upload makes the following request to the server.
As you can see, there is a userid parameter in the POST data values, which is the unique id of the user. So I tried changing it to another victim account's userid value, and it changed the Victim's profile picture.
#3. IDOR - Changing Anyone's Cover Picture
Improper validation of the userid on the server side leads to changing anyone's Profile Picture remotely, using an IDOR vulnerability at the following endpoint.
Clicking the *Browse* option, selecting an image file and clicking Upload makes the following request to the server.
As you can see, there is a userid parameter in the POST data values, which is the unique id of the user. So again I tried changing it to another victim account's userid value, and it changed the Victim's cover picture.
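The server-side check whose absence findings #1 to #3 describe, shown next to the unchecked version, as an added example that is not the tested platform's code or part of the original post. Function names, the in-memory stores and the sample ids are assumptions; only the `id` and `userid` parameter names come from the post.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """The session user may not act on the referenced object."""

@dataclass
class Post:
    id: int
    owner_id: int

def delete_post_vulnerable(posts, session_user_id, form):
    # Behaviour described in finding #1: the id from the POST body is trusted.
    return posts.pop(int(form["id"]), None) is not None

def delete_post_checked(posts, session_user_id, form):
    post = posts.get(int(form["id"]))
    # Same error for "missing" and "not yours", so ids cannot be probed.
    if post is None or post.owner_id != session_user_id:
        raise Forbidden("post not found")
    del posts[post.id]
    return True

def set_picture_checked(pictures, session_user_id, form):
    # Findings #2/#3: the target account comes from the session, not the body.
    claimed = form.get("userid")
    if claimed is not None and str(claimed) != str(session_user_id):
        raise Forbidden("userid does not match session")
    pictures[session_user_id] = form["image"]
    return session_user_id

def demo():
    user_a, user_b = 1001, 2002  # constructed ids for two test accounts
    fresh = lambda: {1: Post(1, user_a), 2: Post(2, user_b)}
    results = {"vulnerable_cross_delete": delete_post_vulnerable(fresh(), user_a, {"id": "2"})}
    posts = fresh()
    try:
        delete_post_checked(posts, user_a, {"id": "2"})
        results["checked_cross_delete"] = True
    except Forbidden:
        results["checked_cross_delete"] = False
    results["post_2_survives"] = 2 in posts
    results["own_delete"] = delete_post_checked(posts, user_a, {"id": "1"})
    pictures = {user_b: "b.png"}
    try:
        set_picture_checked(pictures, user_a, {"userid": str(user_b), "image": "x.png"})
    except Forbidden:
        pass
    results["other_picture_unchanged"] = pictures[user_b] == "b.png"
    return results
```

A rejected `userid` mismatch is also a useful detection signal: a request whose body names a different account than its session is rarely legitimate.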
What's next?? Any option to delete the profile pic and cover pic?
Yes!! Again I tested IDOR to delete the "Profile Picture" & "Cover Picture" and it all worked from my side. I was able to delete the "Profile Picture" & "Cover Picture" of every user. So without wasting time on making a POC video, I reported the issue and got a quick response within hours.
"I like quick responses so I boost up myself to test this program."
Hope you like this. Follow other reports here.