We covered Insecure Direct Object Reference Vulnerability and how to exploit it.
What is an IDOR?
IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.
This type of vulnerability can occur when a web server receives user-supplied input to retrieve objects (files, data, documents), too much trust has been placed on the input data, and it is not validated on the server-side to confirm the requested object belongs to the user requesting it.
Challenge Questions and Answers
What does IDOR stand for?
What is the Flag from the IDOR example website?
What is a common type of encoding used by websites?
What is a common algorithm used for hashing IDs?
What is the minimum number of accounts you need to create to check for IDORs between accounts?
hat is the username for user id 1?
What is the email address for user id 3?