What is an IDOR?
IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.
This type of vulnerability can occur when a web server receives user-supplied input to retrieve objects (files, data, documents) and places too much trust in that input: the server never validates that the requested object actually belongs to the user requesting it.
Example:
Imagine you've just signed up for an online service, and you want to change your profile information. The link you click on goes to http://davindertutorials.com/profile?user_id=1105, and you can see your information.
Curiosity gets the better of you, and you try changing the user_id value to 1000 instead (http://davindertutorials.com/profile?user_id=1000), and to your surprise, you can now see another user's information. You've now discovered an IDOR vulnerability! Ideally, there should be a check on the website to confirm that the user information belongs to the logged-in user requesting it.
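The missing check described above, as an added example that is not part of the original post: a minimal profile handler with the vulnerable lookup beside a hardened version. The in-memory `PROFILES` table, the `session_user_id` argument and the tuple-style `(status, body)` responses are assumptions standing in for a real database, session and web framework.

```python
# Added example (not from the original post). The profile table and the
# session identity are constructed stand-ins for a real backend.

# Constructed sample data: user_id -> profile record.
PROFILES = {
    1105: {"name": "Alice", "email": "alice@example.com"},
    1000: {"name": "Bob", "email": "bob@example.com"},
}


def _parse_user_id(params: dict):
    """Return the user_id query parameter as an int, or None if invalid."""
    raw = params.get("user_id", "")
    return int(raw) if raw.isdigit() else None


def profile_vulnerable(params: dict):
    """IDOR: trusts ?user_id= and never checks who is asking.
    Any logged-in user can read any other user's profile by changing the id."""
    user_id = _parse_user_id(params)
    if user_id is None:
        return 400, None
    profile = PROFILES.get(user_id)
    return (200, profile) if profile else (404, None)


def profile_fixed(session_user_id: int, params: dict):
    """Hardened: the object id still comes from the request, but the
    decision to release it is made against the server-side session."""
    user_id = _parse_user_id(params)
    if user_id is None:
        return 400, None
    if user_id != session_user_id:
        # Refuse before touching the store, so the response does not
        # reveal whether the other id exists.
        return 403, None
    profile = PROFILES.get(user_id)
    return (200, profile) if profile else (404, None)


def profile_by_session(session_user_id: int):
    """Stronger still: ignore the client-supplied id entirely and resolve
    the object from the authenticated identity."""
    profile = PROFILES.get(session_user_id)
    return (200, profile) if profile else (404, None)
```

In a real application the session identity would come from a server-side session or a verified token, never from a cookie or parameter the client can edit.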