This is really awesome..... You really explained everything in such an easy way...... You should definitely continue uploading more videos on web security... Surely your channel will gain more likes and subscribers... 👍👍
I never heard of this, but it never came to my mind, not checking the privileges of the requesting identity, before returning or doing anything. But seeing how many developers are working im glad videos like this exist.
Your videos are super cool for learning web app security. I don't have any hesitation to recommend this channel. Please try to make more videos covering at least OWASP TOP 10
About that ending, few ideas, maybe the delete post after the check is a non-private internal webpage you can access directly, maybe the server to use is in the request and you can send a server you control, maybe there is a sql injection, or stored xss
I once ran into a website that simply had endpoints for fetching and arbitrarily modifying any user's data, and handled all the security logic in the browser. Including comparing the entered password with the user's actual password. In cleartext, of course. Oh, and that "modify user data" endpoint? It was more like an "upload file to users directory" endpoint. Which was vulnerable to directory traversal. And since you could specify any file extension...well, let's just say they had rather Pitiful Hack Protection.
Yes I have a question .... I play alot of chess .. and I thank god for chess softwares and chess engines that allow me to practice over and over things I have learnt ... until I get more confident ... and then I like how I can increase the levels as well ... Here's my question .... I have read things and watched your video on IDOR vulnerability ... but I want to practice it ... I want to try it out myself ... and then after I have mastered an easy level I want to be able to increase to harder ones ... are there any softwares or websites I can buy that has like 100's of IDOR vulnerabilities that I can use software to exploit and practice all night?? Thanks.
i have accidentally found one of these in a ecommerce prodocts info site. There was this paid version of the site that will tell you the bset products and you could see for free the common products. But you could change the id in the url and it would not verify your account so you could see other products you are not suposed to the problem was the randomes of the id parameter.
Our local math competition site had this error. It was running nearly the same (PHP!) code since 2003. (It did NOT use POST requests. IT USED A GET REQUEST!!!)
I discovered this vulnerability once on a school website without knowing the formal name. My PDF document with my data was 501.pdf and out of instinct I wondered if there was a 500.pdf and 499.pdf
Well making these videos take a lot of time anywhere from 2-3 days only for editing audio and the video. The research for the topic also takes more time because I have to read a bunch of blogs, watch hour long talks, play related ctf challenges or find some real world vuln to showcase in the video and read a bunch of writeups which might take anywhere from 3-4 days and on top of that I've got a day job. So putting out 2 vids a week is very hard unless.
sweeeeeet!!! huge fan! love the color scheme and pace!
Thank you!
oh hey its STOK
@@PwnFunction that would be pretty cool if Linux had that color scheme and font for its command line
Stök 😱😱😱😱
Uff STÖK
LiveOverFlow haxed! xD Nice video as always!
XD
I sure hope you do not stop with these tutorials, well done.
please keep up with the great content and easy to understand lessons.
I'm so happy that I don't have to explain things to people in a complex way by sending random links to people! :D I'm gonna share it across!
I am a huge fan of the way that you end your videos... That outro is so inspiring!!
Really nice breakdown of IDOR's! Subbed!
Another great video..
few more 101 videos, and this channel will be the go to channel for learning bug bounty or web security.
keep up the good work!
Broo, The way you explain is just super smooth and very understandable
Thank you so much
Many thanks for the explanation. Very well done! Please don't stop making videos.
Awesome video again. I have to say this is gonna be best youtube channel for learning web security. Please make a video on XXE too. 😀
I soo wanna get into more better vulns, but I gotta go from the basics for this series. I promise the next video is gonna be on XXE :)
@@PwnFunction eyy 2 years late but you actually delivered. Nice!
Oh God, I'm so glad I found your channel, you explaining it and so easy to understand.. I'll sub for that
Wouuuuuu NICE DISCOVERY! great great job! thanks
What a way of teaching .great
Nice tutorial, I love your UI taste
Love your intro and outro :D and ur content as well
Awesome !! Video Keep posting other Web vulnerabilities video also !!! Thanks !
thank you dude, this helped me so much.
Underrated channel ! Subbed ❤️
Another awesome video. Thanks.
This is really awesome..... You really explained everything in such an easy way...... You should definitely continue uploading more videos on web security... Surely your channel will gain more likes and subscribers... 👍👍
Love you brother 😍 Waiting for more ❤ keep up the good work 🙏
Just wanna say your videos are amazing :)
very well explaind.. thanks aton 👏♥️
Awesome video. Thank you so much
I never heard of this, but it never came to my mind, not checking the privileges of the requesting identity, before returning or doing anything. But seeing how many developers are working im glad videos like this exist.
Waiting for more Such Awesome videos
Your videos are super cool for learning web app security. I don't have any hesitation to recommend this channel. Please try to make more videos covering at least OWASP TOP 10
awesome voice , awesome explanation , awesome colors , overall fantastic video
Awesome video!! Thanks!
Awesome videos, it's easy to learn, thanks for sharing :D
You should continue maaaaaaaaaaan continue doing stuff like this...
You explain so well!!!!
Nice one.. keep going. . ;)
Waiting for your video on FUZZING ❤️
Loved the reference to LiveOverflow!
I understand idor now, thanks 😀
LOVE YOUR VIDS
Awesome stuff!
Fun fact: google images suffer from IDOR too (or at least did a year or two back)
That's why always use post or raw body json as params to get or post the data.
Nice explanation. Real talk😊
great video ... love u brother
Awesome...!
About that ending, few ideas, maybe the delete post after the check is a non-private internal webpage you can access directly, maybe the server to use is in the request and you can send a server you control, maybe there is a sql injection, or stored xss
Amazing..
Splendid!.
Awesome
Great Material
you're too good in explaining although i request you to make videos on all the owasp top 10
That's great!
Awesome make video like this again please
Can you explain the adding a quote thing?
i love your content
I once ran into a website that simply had endpoints for fetching and arbitrarily modifying any user's data, and handled all the security logic in the browser. Including comparing the entered password with the user's actual password. In cleartext, of course.
Oh, and that "modify user data" endpoint? It was more like an "upload file to users directory" endpoint. Which was vulnerable to directory traversal. And since you could specify any file extension...well, let's just say they had rather Pitiful Hack Protection.
Can you get a lawsuit for hacking?
great
Cool !
Yes I have a question .... I play alot of chess .. and I thank god for chess softwares and chess engines that allow me to practice over and over things I have learnt ... until I get more confident ... and then I like how I can increase the levels as well ... Here's my question .... I have read things and watched your video on IDOR vulnerability ... but I want to practice it ... I want to try it out myself ... and then after I have mastered an easy level I want to be able to increase to harder ones ...
are there any softwares or websites I can buy that has like 100's of IDOR vulnerabilities that I can use software to exploit and practice all night?? Thanks.
Awesome!
Pretty cool.
It's really hard to find this vulnerability now, almost every website out there use a token or some hidden id to check against
Luckly
@@arki4433 indeed
"Most of you might add a single of double quote at the end, because it's just an OCD thing at this point"
I've never heard anything more relatable
Managed to find an IDOR in a government webapp.
Had to send this to them to explain what went wrong 😂😂😂
What's the application are you using for draw your slides?
Always implement permission when making an app inorder to restrict some to access other records
i have accidentally found one of these in a ecommerce prodocts info site. There was this paid version of the site that will tell you the bset products and you could see for free the common products. But you could change the id in the url and it would not verify your account so you could see other products you are not suposed to the problem was the randomes of the id parameter.
you are fantastic
I love you!! Keep up the good work.. can I take your knowledge?😂
Sure, here you go
"G😂😂gle".
I love you man 🤗
Waiting for mores
1337 Elite
By Björn Gustavsson
U r boss, bro!
Quality Video as always... it would be nice it upload owasp top10 vuln :)...
I'll be including them in the `Web Security 101` series.
So much better explanation but which music did you use at the end /????
th-cam.com/video/yJg-Y5byMMw/w-d-xo.html
Our local math competition site had this error. It was running nearly the same (PHP!) code since 2003. (It did NOT use POST requests. IT USED A GET REQUEST!!!)
And how does POST change anything? Lol.
💓
lol what is AAA anymore if someone codes the gateway like for gigo
Im a big dumb but I fucking understood ! Bravo well done 😂😂
make more videos please.......
Wow. LiveOverflow 2.0 :O
They can never access it if I wrote my own server and I didn't implemented it.
I discovered this vulnerability once on a school website without knowing the formal name. My PDF document with my data was 501.pdf and out of instinct I wondered if there was a 500.pdf and 499.pdf
Next improper acces control pleasee
Most of these vulnerabilities worked back in the early stages of MySpace.
iDoor: next generation smart lock technology, connects to your phone, fast validation
Ah the php and flask different http?post_id=9&post_id=10
would someone tell me how to make a video like this?:)
introducing the new apple technology... iDOOR
Lifeoverflow has literally 1337 as userid?? havent seen use of leet in a long time ;D
Great explaining the content...keep it up buddy.
Why u won't come up with 2 videos a week, would be great 🙌
Well making these videos take a lot of time anywhere from 2-3 days only for editing audio and the video. The research for the topic also takes more time because I have to read a bunch of blogs, watch hour long talks, play related ctf challenges or find some real world vuln to showcase in the video and read a bunch of writeups which might take anywhere from 3-4 days and on top of that I've got a day job. So putting out 2 vids a week is very hard unless.
You explain more clearly than live overflow. Not that he doesn't explain well.
😍😘😗😙😚
Your sounds looks like jack rhysider
LEET!
When you're insecure but also direct at the same time 😳😐
Why is LiveOverflow always the victim.........seems intentional.
we read "joetee" not "j" "w" "t" 😊👊🏻
1337😍😍😍❤❤❤
aaaw
please make video about binary exploitation 😂
everyone does this in roblox
Pop filter? Those "p" sounds are kinda loud and distracting
I forgot to use it while I record lol
@@PwnFunction oh lmao