
Do IDORs (Insecure Direct Object References) Exist Everywhere?


Hello everyone,

As the infosec community has given me so much, I also plan to contribute to it.
Also take it as a tip; I guess you can learn and report something out of it.



For those who don't know what IDOR is:

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly.

Explanation of IDOR

Let's assume a user has user_id 123,
so he accesses his/her account by visiting this link:
https://xxxx/profile/123

He changes user_id to 456:
https://xxxx/profile/456
and he can get the details of user 456.

So that is IDOR in simple terms.
 


What was the bug exactly

So I was hunting on a company website and I subscribed to its alerts.
I reported some bugs; some went well and some were duplicates.

Late one evening I got a mail from that company about some errors they had fixed. From that mail I clicked on the unsubscribe button (I don't know why).

It redirected me to one of their subdomains: http://subdomain.target.com/unsubscribe/RKqUAQMAAW6guiHTrzqjsOMmq3Ysmw==

When I clicked the unsubscribe button on that page, I got unsubscribed.

First I thought the value was base64 and tried to decode it, but it wasn't valid base64.

Interesting: there was no authentication on it, so anyone with the encrypted value can unsubscribe that address.

So I created another account, clicked on unsubscribe, and it took me to http://subdomain.target.com/unsubscribe/ZKqUAQMAAW6guiHTrzqjsOMmq3Ysmw==

So as you can see:

RKqUAQMAAW6guiHTrzqjsOMmq3Ysmw==
ZKqUAQMAAW6guiHTrzqjsOMmq3Ysmw==

The only difference is in the first character.

I replaced that single character with a random letter and boom, I was able to unsubscribe anyone.

So I read the JS files of that program and found that I could also subscribe anyone by appending action=subscribe&submit=Subscribe to the URL.
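The weakness here is that the unsubscribe token is the only authorization check, and two users' tokens differ in a single character, so it is trivially guessable. The added example below (my own illustration, not the vendor's code) shows a quick check for that kind of predictability, a constructed token scheme with the same "one changing character" shape as in the post, and a hardened scheme where the token is a random nonce bound to the user with an HMAC tag, so tampering with any character makes the server reject it. `SERVER_KEY` and the layouts are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import os
import secrets

# Constructed server-side secret for the demo; a real deployment loads it from config.
SERVER_KEY = os.environ.get("UNSUB_KEY", "example-key-do-not-use").encode()


def weak_token(user_id):
    """Constructed illustration of the flawed pattern: a per-user counter plus a
    constant tail, so neighbouring users get tokens that differ in a few characters."""
    body = user_id.to_bytes(4, "big") + b"\x03\x00\x01" + b"constant-suffix!"
    return base64.urlsafe_b64encode(body).decode()


def differing_positions(a, b):
    """Character positions at which two tokens differ. A short list for tokens of
    two unrelated accounts is the red flag: the token carries a guessable identifier."""
    common = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return common + list(range(min(len(a), len(b)), max(len(a), len(b))))


def issue_token(user_id):
    """Hardened token: user id + 16 random bytes, authenticated with HMAC-SHA256.
    The nonce makes it unguessable; the tag makes it unforgeable."""
    msg = user_id.to_bytes(4, "big") + secrets.token_bytes(16)
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(msg + tag).decode()


def verify_token(token):
    """Return the user_id if the token is authentic, else None.
    Any edited character changes the message or tag, so the HMAC check fails."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except (ValueError, TypeError):
        return None
    if len(raw) != 4 + 16 + 32:
        return None
    msg, tag = raw[:20], raw[20:]
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return int.from_bytes(msg[:4], "big")
```

The server should additionally record which address each issued token belongs to, so a valid token can only ever unsubscribe the account it was minted for.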



Timeline:
1. Report sent
2. Bounty awarded: $0

As the data was not confidential and there was no leakage, I was awarded $0 for it, but I was glad to explore this side as well.


 


 
