Portswigger - Access Control - Lab #9 Insecure direct object references (IDOR)

  • Published on 24 Dec 2024

Comments • 9

  • @popo_hack  3 months ago

    Hello my new friends, don't forget to follow me on my channel to keep you up to date about everything you need to know to exploit vulnerabilities: bit.ly/3TplFRN

  • @Aquax1000 3 months ago +1

    Popo Finally uploaded :) 😁

    • @popo_hack  3 months ago +1

      Hello my friend 😄 Happy to see you again. Enjoy the video 😊

    • @Aquax1000 3 months ago

      @popo_hack nowadays it's kinda difficult to get IDORs as it's not very common to see just numeric values. So what's your suggestion on finding IDORs?

    • @popo_hack  3 months ago +1

      @Aquax1000 Nice question my friend. Actually, IDOR is one of the most common bugs on the internet. IDs shouldn't always be numbers; they can be a date format like 20240303 (YYYY DD MM), so the next one is 20240403. You should understand how the IDs are defined and their algorithm. If they are random strings, you may look for another endpoint that leaks user IDs, like the comment section, profile page, chat messages and so on...
      IDOR happens when you are able to read or modify other users' data, and if you want to test in real life you have to create 2 or more accounts in your website and then test them manually using your users' IDs and see what happens. 😇

    • @Aquax1000 3 months ago

      @popo_hack oh thanks a lot popo 😁 as always

    • @popo_hack  3 months ago +1

      @Aquax1000 welcome 🙏

  • @Iconoclast601 3 months ago +1

    Hey Popo, big fan here. I like the way you approach the lab; it feels like an organic way that anyone would first do the lab. Loved your content and found it very helpful. Can you do advanced topic labs also, please?

    • @popo_hack  3 months ago +1

      Hello my friend 😊 thank you for your words, I really appreciate it. I will do all the labs in Access Control. 😇
      Please don't forget to subscribe to my channel to be up to date for new videos 😊