mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00

History

Swissky cd19bb9409 Business Logic Errors + Mass Assignment		2023-07-09 13:01:03 +02:00
..
Images	Command injection rewritten	2019-04-21 19:50:50 +02:00
README.md	Business Logic Errors + Mass Assignment	2023-07-09 13:01:03 +02:00

README.md

Insecure Direct Object References

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files. - OWASP

Tools

Exploit

For instance, consider a URL like https://example.com/account?userid=123. In this case, 123 is a direct object reference to a specific user's account. If the application doesn't properly check that the logged-in user has the right to access the account related to userid=123, then any user could potentially change the userid in the URL to access other users' accounts.

The value of a parameter is used directly to retrieve a database record.

http://foo.bar/somepage?invoice=12345

The value of a parameter is used directly to perform an operation in the system

http://foo.bar/changepassword?user=someuser

The value of a parameter is used directly to retrieve a file system resource

http://foo.bar/showImage?img=img00011

The value of a parameter is used directly to access application functionality

http://foo.bar/accessPage?menuitem=12

IDOR Tips

Change the HTTP request: POST → PUT
Change the content type: XML → JSON
Increment/decrement numerical values (1,2,3,..)
GUID/UUID might be weak
Transform numerical values to arrays: {"id":19} → {"id":[19]}

Examples

Labs

PortSwigger - Insecure direct object references