Hello my new friends, don't forget to follow me on my channel to keep you up to date about everything you need to know to exploit vulnerabilities: bit.ly/3TplFRN
Popo Finally uploaded :) 😁
Hello my friend 😄 Happy to see you again. Enjoy the video 😊
@popo_hack nowadays it's kinda difficult to get IDORs as it's not very common to see just numeric values. So what's your suggestion on finding IDORs?
@Aquax1000 Nice question my friend. Actually, IDOR is one of the most common bugs on the internet. IDs shouldn't always be numbers, but they can be a date format like 20240303 (YYYY DD MM), so the next one is 20240403. You should understand how the IDs are defined and their algorithm. If they are random strings, you may look for another endpoint that leaks the user ID, like the comment section, profile page, chat message and so on...
IDOR happens when you are able to read or modify other users' data, and if you want to test in real life you have to create 2 or more accounts in your website and then test them manually using your users' IDs and see what happens. 😇
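Added example, not part of the comment thread or the channel's own material: the two-account check described in the reply above, run against a handler that trusts the supplied ID and one that enforces ownership, to show that an unguessable ID format is not a substitute for a server-side check. The handler names, account names and in-memory store are constructed for illustration.

```python
import secrets

# Constructed in-memory store standing in for the application's database.
DOCS = {}

def create_doc(owner, body):
    """Store a document under an unguessable ID and return that ID."""
    doc_id = secrets.token_urlsafe(16)
    DOCS[doc_id] = {"owner": owner, "body": body}
    return doc_id

def get_doc_vulnerable(session_user, doc_id):
    """IDOR: trusts the client-supplied ID and never checks who is asking."""
    doc = DOCS.get(doc_id)
    return (200, doc["body"]) if doc else (404, None)

def get_doc_hardened(session_user, doc_id):
    """Object-level authorization: the record must belong to the session user."""
    doc = DOCS.get(doc_id)
    # Same 404 for "missing" and "not yours", so the response
    # does not confirm that an ID exists.
    if doc is None or doc["owner"] != session_user:
        return (404, None)
    return (200, doc["body"])

def two_account_check(handler):
    """Create one object per test account, then request B's object as A.
    Returns True when the handler hands B's data to A."""
    id_a = create_doc("account_a", "A's private note")
    id_b = create_doc("account_b", "B's private note")
    own_status, _ = handler("account_a", id_a)
    if own_status != 200:
        raise RuntimeError("owner access is broken; the check is not meaningful")
    cross_status, cross_body = handler("account_a", id_b)
    return cross_status == 200 and cross_body == "B's private note"

if __name__ == "__main__":
    print("vulnerable handler leaks:", two_account_check(get_doc_vulnerable))
    print("hardened handler leaks:  ", two_account_check(get_doc_hardened))
```

The same check fits into an integration test suite, so a new endpoint that forgets the ownership comparison fails the build even when its IDs are random strings.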
@popo_hack oh thanks a lot popo 😁 as always
@Aquax1000 welcome 🙏
Hey Popo, big fan here, I like the way you approach the lab, it feels like an organic way that anyone would first do the lab, loved your content and found it very helpful, can you do advanced topics labs also please
Hello my friend 😊 thank you for your words, I really appreciate it. I will do all the labs in Access Control. 😇
Please, don't forget to subscribe to my channel to be up to date for new videos 😊