What is insecure direct object reference (IDOR) ?

In this article, we are telling you about the insecure direct object reference, what is an insecure direct object reference or IDOR, and how this bug is found in a website.

Here we are telling you all this on websites made for your own setup and testing purpose. You can also use local host for your practice as well as use Owasp juice shop.

Here we are firstly telling you what is insecure direct object reference on localhost, after that you are telling you on live website, all this is being told to you for educational purpose.

Note – This article is only for educational purpose. Don’t miss use your knowledge and skills.

Also Read

For Loop and While Loop In Python ?

All in One Hacking tools for Hackers ?

Insecure direct object reference ?

To find the insecure direct object reference bug, first of all you should know what it is. Let’s know about the insecure direct object reference.

Insecure direct object reference is also called IDOR. This is a bug that you can find in a website by taking a bug bounty reward and also it is very easy to find the bug.

Like you have been told earlier about vulnerabilities like Buffer over flow attack, Directory path traversal, SQL Injection attack , so is the vulnerability of IDOR which is found in websites.

insecure direct object reference

As you can see in the image there is a user id 200 but it is also able to access the document of 205 user id, in such a case if it happens on any ecommerce website, you can think yourself what hackers can do.

Here hackers can login to the same account and change the user id and open another account easily, as you read this article well, you will understand yourself.

Here we are telling you two methods to find IDOR but it is not that there are only two methods to find IDOR and there are other methods by which IDOR vulnerability can be found.

Example of IDOR ?

First of all, you are being told a demo about IDOR, we have done all this by installing wordpress on localhost and also we have created two users to show you that you can understand all this easily.

insecure direct object reference

As you can see in the image, there is a user in front of you freelearningtech as well as you can see in the url userid you are getting 1 show as well as we have logout our account.

insecure direct object reference

In such a way, if we change the userid through the url itself, in such a way, if you have another user show, in this way you can say that this is the vulnerability of insecure direct object reference.

How to use Nessus Vulnerability Scanner ?

insecure direct object reference

As you can see here in the image, we had created only two users here, in such a way information about two users has been shown but as soon as user id 3 is done, there is no show of information of any kind of user

I hope that from this example you must have understood what is insecure direct object reference and how IDOR works in a website, we have told all this on the local website itself.

How to Find insecure direct object reference ?

Let us now tell you how to find insecure direct object reference bug on live website, here we are using only the website made for testing purpose and similar bug is done in bounty.

insecure direct object reference

Here, the name of the website that we are uice is owasp juice shop, you will get its link, first of all you have to login here as you can see in the image, this website shows something like this.

https://juice-shop.herokuapp.com/#/

After login, something gets open in front of you in this way, here you can login easily from gmail, this is done by creating an account in live website. You can also do this work by using burp suite.

How to use Burp Suite ?

As you can see in the image, you have to go to your basket option here, there can be cart on live website here, you have to do an inspect element like you do by right clicking.

insecure direct object reference

It shows you the user id in the option of the network as you can see in the image, here you can open this link in the new tab if the basket opens when you open it in the new tab.

insecure direct object reference

In this way, you can understand that this is a bug of insecure direct object reference, just like in the image here you can see that there is no open basket in such a way, there is no bug of insecure direct object reference here.

In the same way you can find the insecure direct object reference bug by using cookies as you have been told earlier in Cookies Hijacking attack how hackers use cookies.

Similar cookies can also be used to find insecure direct object reference bug. Here two accounts are created and the cookies are exchanged.

Just like suppose an account is freelearningtech and its cookies are like that one account is nanu and its cookies are such that insecure direct object reference to find bug, freelearningtech’s cookies are changed from nanu’s cookies.

If doing so opens the account of nanu without login, then you can say that it is a bug of insecure direct object reference, in this way hackers find IDOR

As you can see in the image, the use of cookies is not understandable when the normal user sees it, but when you deeply understand hacking, you understand how to use cookies in such a way.

https://jwt.io/

These cookies also contain the information of the user, as you can see in the image, we have copied the cookies and paste it into the website, in such a way, we have shown all the information inside the cookies here.

Just like there are two types of cookies, one is authorization and the other is cookies, in such a way, both cookies have to be changed from another account. How is this done? You cannot be told here for some security reasons.

The Conclusion

I hope now you can understand about insecure direct object reference, here we have practically told you about two methods to find insecure direct object reference bug.

Like you have been told here, in some kind of live website, insecure direct object reference bug is also found, there are other methods which are used to find IDOR Bug.

But those methods are done using burp suite, they are all advanced methods. Here we have told you in a simple way how hackers find insecure direct object reference bug.

If you want to keep getting more articles like this, then you must share our articles and also support us, you know how you can support. Subscribe our blog for latest updates.

If you have any questions related to any reference related to your insecure direct object or in such a way, you can ask in a comment as well as you can also tell on which topics you want articles.

Sharing is Caring

Thankyou

Be the first to comment

Leave a Reply

Your email address will not be published.


*