IDOR
February 24, 2024
Task 1: What is an IDOR?

Task 2: An IDOR Example
Just click Order Confirmation.

Then change the invoice number to 1000.

Task 3: Finding IDORs in Encoded IDs

Task 4: Finding IDORs in Hashed IDs

Task 5: Finding IDORs in Unpredictable IDs

Task 6: Where are IDORs located

Task 7: A Practical IDOR Example
For this practical exam, we first have to create an account in the sign-up section of the website.
Then navigate to the "Your Account" section of the page to see your details.

After that, go to the Network tab in the browser's Developer Tools and REFRESH the page so that it displays the API call the website makes.
As you can see here, your ID number is 15: customer?id=15

Try changing the id to 1 and you will see another user's information.
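
Seen from the server side, the customer?id= lookup above trusts the id in the query string; the fix is to compare it with the id bound to the session. The following is an added example, not code from the room or its website: the handler names, the session store and the sample records are assumptions made up for illustration.

```python
# Constructed sample data: ids 1 and 15 mirror the walkthrough; names and emails are made up.
CUSTOMERS = {
    1: {"id": 1, "username": "first_user", "email": "first@example.test"},
    15: {"id": 15, "username": "my_account", "email": "me@example.test"},
}
# Hypothetical session store: session token -> id of the logged-in customer.
SESSIONS = {"session-of-15": 15}


def parse_id(raw):
    """Return the id as an int, or None when the parameter is not a plain number."""
    if isinstance(raw, str) and raw.isascii() and raw.isdigit():
        return int(raw)
    return None


def customer_vulnerable(session_token, raw_id):
    """Behaviour seen in the walkthrough: any logged-in user can read any id."""
    if session_token not in SESSIONS:
        return 401, {"error": "not logged in"}
    record = CUSTOMERS.get(parse_id(raw_id))
    if record is None:
        return 404, {"error": "not found"}
    return 200, record


def customer_checked(session_token, raw_id):
    """Same lookup, but the requested id must belong to the session's user."""
    owner_id = SESSIONS.get(session_token)
    if owner_id is None:
        return 401, {"error": "not logged in"}
    requested = parse_id(raw_id)
    # Same 404 for "does not exist" and "not yours", so the response
    # does not reveal which ids are in use.
    if requested is None or requested != owner_id or requested not in CUSTOMERS:
        return 404, {"error": "not found"}
    return 200, CUSTOMERS[requested]


if __name__ == "__main__":
    for handler in (customer_vulnerable, customer_checked):
        for raw in ("15", "1"):
            status, body = handler("session-of-15", raw)
            print(handler.__name__, f"customer?id={raw}", status, body)
```

The same ownership check applies whether the id is sent in plain form, encoded or hashed, since the server still decides access after resolving it to a record.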

