#1. Bug Bounty POC: IDOR leads to Account Takeover


Cyb3r M!nds

Hello guys 👋 I’ve returned with yet another article, but this one is a series on vulnerabilities that I found, reported, and received a reward for.

IDOR leads to Account Takeover

Insecure direct object reference (IDOR) occurs when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, an attacker can bypass authorization and access resources in the system directly, for example database records or files.

This type of vulnerability occurs when a web server accepts user-supplied input to retrieve objects (files, data, documents) and does not validate on the server side that the requested object belongs to the user requesting it.

Unauthorized access can have disastrous consequences for individuals, businesses, and even national security. An attacker who exploits IDOR may gain access to user data, personal records, financial information, and even administrative controls. IDOR vulnerabilities can therefore compromise the confidentiality, integrity, and availability of sensitive information.

Now let’s get to the main point

So, since I am not allowed to reveal the program, let's assume the target is example.com. Initially, I couldn't find any issues with the domain, so I intercepted all traffic using a proxy tool and discovered an id parameter for one of the CRUD operations.

Initially, I created two accounts (victim and attacker).

1. There was an update existing applicant details screen after logging in.

2. After intercepting the request using Burp Suite, I forwarded it to the Repeater for analysis.

3. Now I modified the request's id value (replacing the attacker id=4567 with the victim id=3456) and added new information before sending it.

4. BOOM..😍💥💥, I was able to successfully update the email address and other information of the victim.

5. Then, I clicked on forgot password and changed the password using the email id.

6. Thus, the account has been completely taken over and the victim will never be able to access his account.
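To make the root cause and the fix concrete, here is an added example (not code from the original post or from the affected program) of an "update applicant details" handler in two forms: the vulnerable form trusts the client-supplied id, which is exactly the missing server-side ownership check described in the explanation above and exploited in the steps above; the fixed form refuses unless the logged-in user owns the record. It also includes a small detection routine that scans access-log lines for write requests where the session user differs from the record being edited. The record ids 3456 and 4567 come from the write-up; the field names, e-mail addresses, log format and in-memory store are constructed for this example.

```python
"""
Added example (not from the original post): a minimal "update applicant
details" handler, vulnerable and fixed, plus a log check for cross-account
writes. Ids 3456 and 4567 are from the write-up; everything else is
constructed for illustration.
"""
import re
from copy import deepcopy


class AuthorizationError(Exception):
    """Raised when a user tries to modify a record they do not own."""


# Constructed in-memory applicant store: record id -> record.
# owner_id is the account that is allowed to edit the record.
APPLICANTS = {
    3456: {"owner_id": 3456, "email": "victim@example.com", "phone": "000-0001"},
    4567: {"owner_id": 4567, "email": "attacker@example.com", "phone": "000-0002"},
}

ALLOWED_FIELDS = {"email", "phone"}


def update_applicant_vulnerable(store, session_user_id, requested_id, changes):
    """Vulnerable: the id in the request decides which record is updated;
    the logged-in user is never compared with the record owner."""
    record = store[requested_id]
    for field, value in changes.items():
        if field in ALLOWED_FIELDS:
            record[field] = value
    return record


def update_applicant_fixed(store, session_user_id, requested_id, changes):
    """Fixed: look up the record, then refuse unless the session user owns it.
    The same error is returned for 'missing' and 'not yours' so the response
    does not reveal which ids exist."""
    record = store.get(requested_id)
    if record is None or record["owner_id"] != session_user_id:
        raise AuthorizationError("record not found or not owned by user")
    for field, value in changes.items():
        if field in ALLOWED_FIELDS:
            record[field] = value
    return record


def demo():
    """Replay the write-up's scenario (attacker edits the victim's record)
    against both handlers and report whether the victim's email changed."""
    attacker, victim = 4567, 3456
    changes = {"email": "attacker-controlled@example.com"}

    vuln_store = deepcopy(APPLICANTS)
    update_applicant_vulnerable(vuln_store, attacker, victim, changes)
    vuln_changed = vuln_store[victim]["email"] == changes["email"]

    fixed_store = deepcopy(APPLICANTS)
    try:
        update_applicant_fixed(fixed_store, attacker, victim, changes)
        fixed_changed = True
    except AuthorizationError:
        fixed_changed = fixed_store[victim]["email"] == changes["email"]

    return {
        "vulnerable_handler_changed_victim": vuln_changed,
        "fixed_handler_changed_victim": fixed_changed,
    }


# Constructed access-log lines in a hypothetical format: the session user id
# and the applicant id in the path are both visible.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z user=4567 GET /applicant/4567",
    "2024-01-01T10:00:05Z user=4567 PUT /applicant/4567",
    "2024-01-01T10:01:00Z user=4567 PUT /applicant/3456",
    "2024-01-01T10:02:00Z user=3456 PUT /applicant/3456",
]

LOG_PATTERN = re.compile(
    r"user=(?P<user>\d+) (?P<method>PUT|PATCH|POST) /applicant/(?P<target>\d+)"
)


def find_cross_account_updates(log_lines):
    """Detection: flag write requests whose session user differs from the
    record id in the path. Where each user may edit only their own applicant
    record, every hit deserves investigation."""
    hits = []
    for line in log_lines:
        m = LOG_PATTERN.search(line)
        if m and m.group("user") != m.group("target"):
            hits.append((m.group("user"), m.group("target"), line))
    return hits


if __name__ == "__main__":
    print(demo())
    for user, target, line in find_cross_account_updates(SAMPLE_LOG):
        print(f"cross-account write: user {user} -> record {target}: {line}")
```

The fixed handler keeps the client-supplied id only to locate the record; the decision to allow the write comes from the server-side session, never from the request body. For a design where each account has exactly one applicant record, the handler can go further and ignore the client id entirely, deriving the record from the session user.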
