IDOR

    • What does IDOR stand for?

    Answer : Insecure Direct Object Reference

    • What is the Flag from the IDOR example website?

    Answer : THM{IDOR-VULN-FOUND}

    • What is a common type of encoding used by websites?

    Just read the text!

    Answer : base64

    • What is a common algorithm used for hashing IDs?

    Answer : MD5

    • What is the minimum number of accounts you need to create to check for IDORs between accounts?

    You need 2 accounts: swap between them to test access to one account's data while being logged in to the other.

    Answer : 2

    • Update me.. 

    No Answer

    TASK 7 : A Practical IDOR Example
    • What is the username for user id 1?

    Create an account on the platform and see which field is prefilled on your profile. Then open developer tools and refresh the page. You can now see your customer id. You can open it in a new tab.

    Answer : adam84

    • What is the email address for user id 3?


    Answer : [email protected]
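
    The two-account check and the customer id lookup described above, written as a regression test a developer can run against their own handler. This is an added example, not code from the room: the handler names, the in-memory CUSTOMERS data and the base64 id token are assumptions made for illustration.

```python
import base64

# Constructed sample data: two test accounts, as in the two-account check.
CUSTOMERS = {
    1: {"username": "account_a", "email": "a@example.test"},
    2: {"username": "account_b", "email": "b@example.test"},
}


def decode_id(token: str) -> int:
    """Accept a base64-encoded numeric id (hypothetical token format)."""
    return int(base64.b64decode(token, validate=True).decode("ascii"))


def get_customer_vulnerable(session_user_id: int, token: str):
    """IDOR: returns whichever record the client asks for."""
    return CUSTOMERS.get(decode_id(token))


def get_customer_fixed(session_user_id: int, token: str):
    """Server-side ownership check: the id must belong to the session."""
    try:
        requested = decode_id(token)
    except ValueError:
        return None  # malformed id is rejected
    if requested != session_user_id:
        return None  # a real handler would answer 403 or 404 here
    return CUSTOMERS.get(requested)


def cross_account_leaks(handler) -> list:
    """For each logged-in account, request every other account's id and
    collect the (session, requested) pairs that returned data."""
    leaks = []
    for session in CUSTOMERS:
        for other in CUSTOMERS:
            token = base64.b64encode(str(other).encode()).decode()
            if other != session and handler(session, token) is not None:
                leaks.append((session, other))
    return leaks


if __name__ == "__main__":
    print("vulnerable:", cross_account_leaks(get_customer_vulnerable))
    print("fixed:     ", cross_account_leaks(get_customer_fixed))
```

    Encoding the id changes nothing about who may read the record; only the comparison against the session's own id does.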