Insecure Direct Object References (IDOR)

Blogs / Articles / Write-ups:

https://www.notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
https://www.aon.com/cyber-solutions/aon_cyber_labs/finding-more-idors-tips-and-tricks/
https://portswigger.net/support/using-burp-to-test-for-insecure-direct-object-references

Looking for high impact IDOR? Always try to find the hidden parameters for this endpoints using Arjun and Parameth /settings/profile /user/profile /user/settings /account/settings /username /profile And any payment endpoint Thanks@Synack #bugbountytip #bugbountytips #Bugbounty

Tool:

https://github.com/0xsapra/fuzzparam

https://www.notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
https://16521092.medium.com/some-ways-to-find-more-idor-da16c93954e5
https://monke.ie/oauth-idor-pii/

PreviousAccount Takeover NextOpen Redirect

Last updated 3 years ago

Was this helpful?