PayloadsAllTheThings/Insecure Direct Object References
Fabian S. Varon Valencia 9128b183d3 update link URL
2022-10-24 12:28:31 -05:00
..
Images Command injection rewritten 2019-04-21 19:50:50 +02:00
README.md update link URL 2022-10-24 12:28:31 -05:00

Insecure Direct Object References

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files. - OWASP

Summary

Tools

  • Burp Suite plugin Authz
  • Burp Suite plugin AuthMatrix
  • Burp Suite plugin Authorize

Exploit

https://lh5.googleusercontent.com/VmLyyGH7dGxUOl60h97Lr57F7dcnDD8DmUMCZTD28BKivVI51BLPIqL0RmcxMPsmgXgvAqY8WcQ-Jyv5FhRiCBueX9Wj0HSCBhE-_SvrDdA6_wvDmtMSizlRsHNvTJHuy36LG47lstLpTqLK

The value of a parameter is used directly to retrieve a database record.

http://foo.bar/somepage?invoice=12345

The value of a parameter is used directly to perform an operation in the system

http://foo.bar/changepassword?user=someuser

The value of a parameter is used directly to retrieve a file system resource

http://foo.bar/showImage?img=img00011

The value of a parameter is used directly to access application functionality

http://foo.bar/accessPage?menuitem=12

Examples

Labs

References