How I made 1k in a day with IDORs! (10 Tips!)
ฝัง
- เผยแพร่เมื่อ 3 ส.ค. 2024
- IDORs are some of my favourite bugs, I love their simplicity and the large range of impacts a single bug can cause from mediums to highs! They're also a great beginner bug and also my first bug, so I think they're a great place to get started with Bug Bounty in 2020/2021. However, I know a few people find them difficult bugs so I wanted to share my top 10 tips for IDOR hunting and how I find IDORs reliably and quickly.
Did you know this episode was sponsored by Intigriti? Sign up with my link go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
- Social Media -
Discord: / discord
Patreon: / insiderphd
Twitter: / insiderphd
- Patreon Shoutouts -
Penny
MechaInfoSec
Wardell Castles
rl1k
strongbeard
Gynvael
Ram
James Clee - บันเทิง
This is really fruitful content specially when sharing those kind of information. Also when you try to get your first bug it can be little bit hard at beginning.
So THANK YOU for giving us your knowledge 😎
It IS hard, I think what sets out people who don't find a bug and people who do is literally just perseverance. You get more skilled over time but initially all you have is luck, so you've gotta keep trying!
@@InsiderPhD Hello again, I am very happy to annonce you that I already found my first bug few days ago on Hacker101 Private Program. I want to thank you for your videos and for sharing your knowledge with us.
Happy Hack ^^
@@popo_hackwhat bug is he,How long did it take you to find this bug, I haven't harvested for four months.
Great video Katie!! Cheers!
Yo I was hoping today to watch your earlier IDOR video for some hacking hints for IDOR and you uploaded another one :))
Thankssss!
Love your content
i absolutly love this video, sharing your methodology is gold valuable for begginers! thanks!
Mesmerizing content Kate! Thanks :)
I appreciate your content so much! And thank you for sharing your bugs with us lol
Yay, another Insiderphd video !!
Sorry! Been moving it’s super stressful 🙏🙏
Super informative! Looking to start doing bug bounties; I think this has solidified IDOR’s as a good start.
How did it go?
Did u get good at it ??
Great Video for Beginners Katie keep it up.
marvelous! Thank you for the upload.
Thanks for sharing. Waiting for more.
Amazing! by the sound of it you are very young but alot of teachers could be jealous of your teaching skills ! Good job
Thank you !!! for always making good videos
Thanks for ur great efforts 🔥
Great Video!
Awesome job!!!
thank u Dr for these videos!
awesome video once again, thanks for the secret sauce
thanks Katie!
Thank you so much. I really love video for you!
Great video, thanks for sharing your methodology, it's very helpful!
Just love the way u present, Love from Bangladesh
Love the instruction in your videos..🙂👍🏽👨🏾💻
Hyy you've given me a good idea for how to look for bugs, since my findings all are duplicate 😅
Do you mind sharing a spreadsheet with some of your testcases? That would be helpful for us beginners
I hope I can one day be good enough to find some bugs 😅
Practice, practice, practice. Never stop learning, always try to hack and I’m sure you’ll find something!
We're all on the same train let's keep the grind!!
How did it go?
@@mahmoudadel197how's it going for you ? 😅
Me too
I just started IDORS
Awesome keep it up :)
Thank you!
thanks katie
I found an IDOR + XSS vulnerability, but it was a duplicate :(
Aww that sucks, hopefully you’ll be first next time!
Got a bug yass
Got a dupe yaaasss
Keep trying it will get better with time
@-メAjax he's probably be a prime suspect in the crime since he literally went to the devs and told them he knows this exploit
You should be happy about finding it, no matter whether you were the first or not. Well done!
Really appreciate
Amazing video Katie specially with those doodles and animations texts, I wanted to ask for test case-4 i.e Firefox Containers , if there is an IDOR with exchanging cookies , how will the attacker steal those cookies from the user until and unless its a XSS . As I submitted 1 bug using the cookies and it was closed as N/A as the triage team asked how the cookies will be stolen from the user.
In this case we use the cookies of account A to make changes to something owned by account B, showing that any user could affect any other user. Sorry if this is unclear it’s a quick way to test if we logged into one account if we could make changes on another! I will make this clearer in a future upcoming video!
But to use your example this is a great example of when bug chains can be key to getting a high severity, by, as you say using an XSS, which can be chained into a full account takeover!
@@InsiderPhD hii Ive got the same question from twitter, asking me how you would get the cookie and csrf token of the victim..
A new subscriber
Awesome...!
YEEYYY IDORS, I've been focusing on Idors for my first bug s
Have you found one yet?
@@animazing1002 only a dupe
@@groeneappel7842 still you found < cheers
did you find any yet
loved it
Katie i love your style. *mau
the chuckles behind base64
Inspired by you...
Been a week finding idors...
Didn't found any😅 but still looking...
I just hope find one soon...
Starting to lose motivation...🤒
Any Updates?
Kindly create a video about hunting IDORs with Burp Suite Autorize extension
I am 15 . Trying to get my first bounty. Wish you have great days ahead.
Found anybug?
@@dev__004 bugs for 3k
@@fahadfaisal2383 I started 1 yr ago and learned fpr 2 months stopped and started now again and got 3 duplicates. Any tips for me brother
Brother, I am not that pro to give advice to you, but I need to automate your tasks avoid duplicates.
@@fahadfaisal2383 got any social media handles and also can u mention some of the tools u use. Thank you brother
While doing subdomain enumeration, i got 502 error from cloudfront .Is it possible to do a subdomain takeover in this case?
Hey katie.. your videos are amazing ! ....... can you please share the slides? ... thank you
Can you explain what you mean when you say endpoint? Do you mean the functionality of the webpage? (Update, delete, add, etc..) Or do you mean like a physical device like a server?
Endpoint in this case is URL that does something, now years ago this would mean a file that exists but modern web apps use something called routing so each URL doesn’t necessarily map to a file, hence calling them endpoints
I love you dude
Do you mind sharing a sample of the spreadsheet you use cross out what you've
Hi dhidhi ! I started learning about bugbounty from last 3 months I'm on full swing on this thing started doing labs on websecurity academy but i am so afraid dhidhi like to do this things like I am afraid of getting caught . After learning everything Can I implement same thing in intigriti platform and other bug hunting platform ? Is that same what I learnt from web security academy ?? I'm afraid to start hunting in intigriti please suggest some tips to how to stay safe in this ride please
Katie I'm new at this. I found in my first week a bug that has no real impact (from my point of view). Changing the parameters on a "delete user request form" from user "A", putting the ID of user "B", it sends the "confirmation to delete user B" mail to user "B". But user B can ignore this mail and nothing happens. Should I report this?
No, this is expected- User B doesn’t have to action it and since it sends an email that provides another layer of security
Hello Katie, if changing session_id user (a) with session_id with user (b) shows his inbox, is it an IDOR?
Nope, session IDs in itself are authentication tokens hence that is just how the website works. Hare supplying As credentials to B
Cute doodles:)
IDOR...IDOR....IDOR.... HODOR!!
edit: this was so offtopic, but I couldn't resist.
Why?
whats the process of contacting the company, they obv must have a VDP in place? (if so, is there a list of companies with VDPs out there that you go through?)
and then you simply contact the company and send a report of the vulnerability you have found?
also how is payment amount decided? (are the details stipulated in their vdp?)
thanks for the vid :)
I would only hack on bug bounty platforms like Intigriti, HackerOne, BugCrowd or Synack- simply because it’s 100% legal and safe. For a list of VDPs try disclose.io
Got an Heart Attack after seeing this video template.... Thank God I'm Alive now x_x
Vertical privilege escalation 😌
I'm a 20 yrs old BSIT student, but only know "hello world". 😔 I really want to learn things like this, but it's so hard.
It's difficult until it's not! So keep pushing! :)
There are nothing that you cant do
We all describe any thing we dont know as a hard thing, untill you know it and understand it you will laugh about your self in the past
Thank you so much😊❤️
i fully understand the idor concept but i didn't know where i can put my practical skills??
how i will find bugs? where i can find it?
which website i will use for it?
no youtube channel tells us how to find actually>>>>
Large API! Yahoo, tumblr uber, open sea etc just look for APIs on HackerOne
@@InsiderPhD Well thank you ma'am.. I'm now learning it.. but can you make a video about it how to find IP in Website through hacker one please coz I'm almost done just need one step closer to real world
Hello, I have a doubt
At 8:10 , you need to have access to two cookies so it can only work if both accounts are owned by you right? Is that a vulnerability? Because you are accessing your own account then right?
Yeah, but what we're demonstrating is that we can do something User A's account, while logged onto to User B, so we could use the vulnerability to change any account. We use 2 accounts we own because usually program rules forbid you from accessing any other users account but ones you create. Hope that helps!
Thank you for the reply!
But for this to be a potential threat, wouldn't an attacker need to know the victim's cookie?
No because we swap the cookies:
Step 1: perform an action on User As account
Step 2: repeat or intercept the request
Step 3: Change the cookie from User As to User Bs
Step 4: Did it work? If yes it’s an IDOR
We never use User As cookie apart from to do the action to capture the request in Burp, then we replace it to simulate an IDOR
Oh okay now i understand. Thank you for clarifying! 🙂
Have you seen the new INE cyber pass? What's your thoughts on it?
I had not seen it, I googled it, here is my reaction:
"Oh buy a year get another free? That's pretty good, how much does it cost- JESUS CHRIST that's expensive"
At that price point you're better looking at more established qualifications that specialise you, rather than trying to take every certification you can
we shouldn't forget about the IDOR that weev found in AT&T Ipads that landed him in Jail
What happened to that guy
@@killabite620 He's been involved with The Daily Stormer. Far-right, antisemitic, white-supremacist stuff, basically.
>super content (nice$
Please pin the recommended prerequesites in comment or somewhere! ( 1:58 )
What are the most common vulnerability that gets paid?
HackerOne publishes that data! They posted this in the last few days: www.hackerone.com/top-ten-vulnerabilities
Currently XSS is on top, followed by Improper Access Control and Information Disclosure. But the thing to look for is % change, that tells you which bugs are becoming more common: Improper Access Control, SSRFs and IDOR might be the bugs to keep an eye out for in the next few years!
@@InsiderPhD IDORS are hard to find 😵most probably all of them look for those.
Finally a non-Indian guy on TH-cam :D
love from Pakistan
Idor with cookies is out of scope for the most companies?
It shouldn’t be? It’s just a easier way to demonstrate an IDOR exists
Is it worth to find IDORs nowaday?
I found 2 IDORs a month ago for $500 + $250 :)
@@InsiderPhD it mostly depend on luck. Since it's easy to find and exploit, it's hard to find. There's high chance of getting duplicate for such basic vulnerabilities.
@@rafinrahmanchy Not all IDOR's are easy to spot some IDOR's requires deep understanding of the application/id's/parameters/enpoint's.
@@0xx039 everyone have understanding on them. No need to mention. Still it's hard to make bounties out of it.
how can i follow you o hackerone?
My username is Insiderphd but I mainly hunt on private programs so I don’t have any disclosed bugs yet!
@@InsiderPhD ok mam thanks for the reply😇
I am getting demotivated because I am not getting any bugs.........oh Katty plz help.....:-(
Same here bro!😂
But patience and consistency is the key.
*Katie
just be honest. I'm frustrated about bug bounties
weirdness*
:)
youtube :)
She speaks like the algoexpert guy
Educative..but don't make people believe finding bugs is easy
if its easy everyone will do it...
First
Are in Freecodecamp