Abbiamo coperto Insecure Direct Object Reference Vulnerability and how to exploit it.

What is an IDOR?

IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.

This type of vulnerability can occur when a web server receives user-supplied input to retrieve objects (files, data, documents), too much trust has been placed on the input data, and it is not validated on the server-side to confirm the requested object belongs to the user requesting it.

Ottieni le note sul certificato OSCP

Domande e risposte della sfida

What does IDOR stand for?
What is the Flag from the IDOR example website?
What is a common type of encoding used by websites?
What is a common algorithm used for hashing IDs?
What is the minimum number of accounts you need to create to check for IDORs between accounts?
hat is the username for user id 1?

What is the email address for user id 3?

Video walk-through

Circa l'autore

Creo note sulla sicurezza informatica, note di marketing digitale e corsi online. Fornisco anche consulenza di marketing digitale, inclusi ma non limitati a SEO, annunci Google e Meta e amministrazione CRM.

Visualizza articoli