![](\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2021\/08\/IDOR-1024x573.png\" "\\"IDOR")
<\/p>\n<\/p>\n
\u00a0<\/strong>IDOR stands for Insecure Direct Object Reference <\/strong>occurring when an application displays an indication of an internal object in an unsafe manner. Whenever a user generates, sends an HTTP request<\/a>, or receives a request from a server, there are parameters such as \u201cID\u201d, \u201cUID\u201d, \u201cPID\u201d etc. that have certain unique values that the user has been assigned. An attacker may detect such parameter values in HTTP paths, cookies, and headers. With this, the attacker can tamper with other privileges of user data and this interference can lead to Insecure Direct Object Reference Vulnerability.<\/p>\n Figure 1: IDOR Flow<\/strong><\/p>\n <\/p>\n HTTP defines a set of request methods to indicate the desired action to be used for a given service. In simple terms “It is a method of communication between server-side and client-side”<\/p>\n Figure 1.1: HTTP Methods<\/strong><\/p>\n In general, Insecure Direct Object Reference (IDOR) has three types of attack vectors:<\/p>\n <\/p>\n Here we can see how Insecure Direct Object Reference (IDOR) works in the modern web application, we test PortSwigger lab for this attack.<\/p>\n This is the official URL: https:\/\/acc91f8f1f83a99b805b1001001c0052.web-security-academy.net<\/a> to access the lab.<\/p>\n For solving this lab, we need to get the password of CARLOS via IDOR vulnerability.<\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n References:<\/strong>\u00a0<\/strong><\/p>\n \u00a0<\/strong><\/p>\n Author,<\/p>\n Rituraj Vishwakarma<\/strong><\/p>\n Attack & PenTest Team<\/p>\n Varutra Consulting Pvt. Ltd<\/p>","protected":false},"excerpt":{"rendered":" What is an Insecure Direct Object Reference (IDOR) Risk? \u00a0IDOR stands for Insecure Direct Object Reference occurring when an application displays an indication of an…<\/p>\n","protected":false},"author":4,"featured_media":15654,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[272],"tags":[482,481,480,341,435],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t![\"Insecure](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/IDOR-Flow.png\")
<\/p>\nWhat are HTTP methods and what are they used for?<\/strong><\/h3>\n
![\"HTTP](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/HTTP-Methods.png\")
<\/p>\n\n
\n
![\"Insecure](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/IDOR-works-in-the-modern-web-application.png\")
<\/p>\n\n
![\"Click](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/1.-Click-on-live-chat-button..png\")
<\/p>\n\n
![\"Click](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/2.-Click-on-send-button-and-observe-messages..png\")
<\/p>\n\n
![\"Click](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/3.-Click-on-view-transcript-and-capture-the-request-in-Burpsuite.png\")
<\/p>\n\n
![\"Forward](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/4.-Forward-this-request..png\")
<\/p>\n\n
![\"After](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/5.-After-forward-we-will-get-this-endpoint-path-download-transcript-txt.png\")
<\/p>\n\n
![\"Change](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/6.-Change-the-endpoint-path-3.txt-to-1.txt-and-forward-it..png\")
<\/p>\n\n
![\"Now](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/7.-Now-as-we-can-see-we-are-successfully-able-to-download-the-1.txt-file-of-CARLOS..png\")
<\/p>\n\n
![\"Open](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/8.-Open-this-txt-file-and-we-can-see-the-CARLOS-password-in-it..png\")
<\/p>\n\n
![\"Now](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/9.-Now-try-to-login-with-CARLOS-account-using-this-password..png\")
<\/p>\n\n
![\"As](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/10.-As-you-can-see-I-am-successfully-able-to-login-into-the-CARLOS-account-and-solved-the-challenge..png\")
<\/p>\nImpact of the Insecure Direct Object Reference Vulnerability:<\/strong><\/h3>\n
\n
Mitigation of the Insecure Direct Object Reference Vulnerability:<\/strong>\u00a0<\/strong><\/h3>\n
\n
\n