ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-20 03:16:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Account Takover [1]

Browse Source 
Create account IDOR (Insecure direct object references) tips and add 9 tips
This commit is contained in:
Muhammad Daffa 2020-09-04 17:41:20 +07:00 committed by GitHub
parent d5aeb8dae8
commit 233ec1f5b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 99 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
IDOR.md Normal file
View File

@ -0,0 +1,99 @@
## IDOR (Insecure Direct Object Reference)
1. Add parameters onto the endpoints for example, if there was
```html
GET /api/v1/getuser
[...]
```
Try this to bypass
```html
GET /api/v1/getuser?id=1234
[...]
```
2. HTTP Parameter pollution
```html
POST /api/get_profile
[...]
user_id=hacker_id&user_id=victim_id
```
3. Add .json to the endpoint
```html
GET /v2/GetData/1234
[...]
```
Try this to bypass
```html
GET /v2/GetData/1234.json
[...]
```
4. Test on outdated API Versions
```html
POST /v2/GetData
[...]
id=123
```
Try this to bypass
```html
POST /v1/GetData
[...]
id=123
```
5. Wrap the ID with an array.
```html
POST /api/get_profile
[...]
{"user_id":111}
```
Try this to bypass
```html
POST /api/get_profile
[...]
{"id":[111]}
```
6. Wrap the ID with a JSON object
```html
POST /api/get_profile
[...]
{"user_id":111}
```
Try this to bypass
```html
POST /api/get_profile
[...]
{"user_id":{"user_id":111}}
```
7. JSON Parameter Pollution
```html
POST /api/get_profile
[...]
{"user_id":"hacker_id","user_id":"victim_id"}
```
8. Try decode the ID, if the ID encoded using md5,base64,etc
```html
GET /GetUser/dmljdGltQG1haWwuY29t
[...]
```
dmljdGltQG1haWwuY29t => victim@mail.com
9. If the website using graphql, try to find IDOR using graphql!
```html
GET /graphql
[...]
```
```html
GET /graphql.php?query=
[...]
```