appsec.fyi

A somewhat curated list of links to various topics in application security.

Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference (IDOR) is a vulnerability that arises when attackers can access or modify objects by manipulating identifiers used in a web application's URLs or parameters. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.

From OWASP

Item | Date Added | Link | Excerpt
1. 2025-08-14 04:01:35 UTC
   Link: https://secops.group/blog/exploiting-idors-a-compilation-of-some-neat-new-and-crazy-examples
   Excerpt: The content discusses exploiting Insecure Direct Object References (IDORs) with various examples showcasing how attackers can manipulate web applications to access unauthorized data. It highlights the importance of secure coding practices to prevent IDOR vulnerabilities and protect sensitive information. The examples demonstrate how IDOR flaws can lead to data breaches and unauthorized access. By understanding these vulnerabilities, developers can enhance their security measures and safeguard against potential exploits.

2. 2025-08-14 04:01:29 UTC
   Link: Jobert Abma on Twitter: "Hacker tip: when you’re looking for IDORs in a mod
   Excerpt: Jobert Abma shared a hacker tip on Twitter about finding IDORs in a mod. This tweet suggests that Jobert Abma is providing advice or guidance related to hacking techniques, specifically focusing on Insecure Direct Object References (IDORs) within a mod. The content is concise and implies that Jobert Abma may be sharing insights on exploiting security vulnerabilities in software or applications.

3. 2025-08-14 04:01:27 UTC
   Link: A Less Known Attack Vector, Second Order IDOR Attacks
   Excerpt: The content discusses Second Order Insecure Direct Object Reference (IDOR) attacks, which are a lesser-known attack vector. These attacks involve exploiting vulnerabilities in an application's logic to manipulate indirect references to objects and access unauthorized data. Second Order IDOR attacks can be more complex and challenging to detect compared to traditional IDOR attacks. Understanding and mitigating these types of attacks is crucial for enhancing the security of web applications.
4. 2025-08-14 04:01:25 UTC
   Link: https://link.medium.com/uAVtDAbHy3

5. 2025-08-14 04:01:23 UTC
   Link: https://link.medium.com/99Jx3wwTv3
6. 2025-08-14 04:01:21 UTC
   Link: Inf0rM@tion Disclosure via IDOR - Pratyush Anjan Sarangi - Medium
   Excerpt: The content is titled "Inf0rM@tion Disclosure via IDOR" by Pratyush Anjan Sarangi on Medium. It likely discusses Information Disclosure through Insecure Direct Object References (IDOR) in web applications. This vulnerability allows unauthorized access to sensitive data by manipulating object references. The article may delve into the impact of IDOR on security and ways to prevent such disclosures.

7. 2025-08-14 04:01:19 UTC
   Link: cat ~/footstep.ninja/blog.txt
   Excerpt: The command "cat ~/footstep.ninja/blog.txt" is used in a Unix-like operating system to display the contents of a specific file named "blog.txt" located in the directory "~/footstep.ninja". The "cat" command is commonly used to concatenate and display the contents of files. By running this command, the text within the "blog.txt" file will be displayed in the terminal window.

8. 2025-08-14 04:01:17 UTC
   Link: cat ~/footstep.ninja/blog.txt
   Excerpt: The command "cat ~/footstep.ninja/blog.txt" is used in a Unix-like operating system to display the contents of a text file named "blog.txt" located in the "footstep.ninja" directory. The "cat" command is commonly used to concatenate and display the contents of files. By running this command, the text within the "blog.txt" file would be displayed in the terminal window.

9. 2025-08-14 04:01:16 UTC
   Link: Airbnb : Steal Earning of Airbnb hosts by Adding Bank Account/Payment Metho
   Excerpt: The content suggests a concern that Airbnb may be involved in stealing earnings from hosts by adding unauthorized bank accounts or payment methods. This raises issues of potential fraud or unauthorized access to hosts' funds. It highlights a possible risk for Airbnb hosts who rely on the platform for income.

10. 2025-08-14 04:01:11 UTC
   Link: HTTP Request Smuggling IDOR - Hipotermia
   Excerpt: The content appears to be about a potential security vulnerability known as HTTP Request Smuggling IDOR (Insecure Direct Object Reference) with the code name "Hipotermia." This vulnerability could allow attackers to manipulate HTTP requests to access unauthorized resources or perform malicious actions. It is essential for web developers and security professionals to be aware of such vulnerabilities to prevent exploitation and protect sensitive data.

11. 2025-08-14 04:01:10 UTC
   Link: cat ~/footstep.ninja/blog.txt
   Excerpt: The command "cat ~/footstep.ninja/blog.txt" is used in a Unix-like operating system to display the contents of a text file named "blog.txt" located in the "footstep.ninja" directory. The "cat" command is commonly used to concatenate and display the contents of files. By running this command, the text within the specified file will be printed in the terminal window.

12. 2025-08-14 04:01:07 UTC
   Link: Stories Of IDOR-Part 2 - InfoSec Write-ups - Medium
   Excerpt: The content seems to be a continuation of a series called "Stories Of IDOR" focusing on cybersecurity write-ups. It is likely published on the Medium platform. The content may delve into stories related to Insecure Direct Object References (IDOR) in the realm of information security. This series could provide insights, analysis, and possibly solutions related to IDOR vulnerabilities.

13. 2025-08-14 04:01:05 UTC
   Link: How I could delete Facebook Ask for Recommendations post’s place objects in
   Excerpt: The content discusses how to delete the location tags associated with Facebook Ask for Recommendations posts. It focuses on removing the specific place objects that are linked to these posts.

14. 2025-08-14 04:01:03 UTC
   Link: Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE)
   Excerpt: The content appears to discuss chaining multiple Insecure Direct Object References (IDORs) to execute an Account Takeover attack. This process involves exploiting vulnerabilities in the way user permissions are handled to gain unauthorized access to user accounts. The title suggests that this is part one of a series of articles or guides on this topic.
15. 2025-08-14 04:01:01 UTC
   Link: https://link.medium.com/ReIPZNYhm0
16. 2023-09-22 16:17:58 UTC
   Link: IDOR - how to predict an identifier? Bug bounty case study
   Excerpt: The content discusses the IDOR (Insecure Direct Object Reference) vulnerability in bug bounty programs, focusing on predicting identifiers to exploit this flaw. The video likely provides a case study demonstrating how this vulnerability can be leveraged for unauthorized access. It is essential for security professionals and bug bounty hunters to understand and address IDOR vulnerabilities to protect systems and data.

17. 2021-02-13 11:32:06 UTC
   Link: Finding more IDORs – Tips and Tricks | Aon
   Excerpt: The content provides a compilation of helpful tips, tricks, and techniques aimed at uncovering Insecure Direct Object References (IDORs). It offers guidance on how to identify and exploit these vulnerabilities effectively.

18. 2021-01-24 15:41:49 UTC
   Link: All About IDOR Attacks
   Excerpt: IDOR attacks involve exploiting vulnerabilities in systems that allow attackers to access data they are not authorized to view. Insecure Direct Object References occur when an application exposes internal implementation objects, such as files or database records, to users without proper authentication. Attackers can manipulate parameters to access sensitive information or perform unauthorized actions. Preventing IDOR attacks requires implementing proper access controls, validating user input, and ensuring that sensitive data is not exposed directly. Understanding how IDOR attacks work is crucial for organizations to protect their data and systems from unauthorized access and potential breaches.

19. 2020-01-13 01:20:46 UTC
   Link: GraphQL IDOR leads to information disclosure - Eshan Singh - Medium
   Excerpt: Eshan Singh, also known as R0X4R, discusses a recent discovery related to GraphQL IDOR (Insecure Direct Object Reference) leading to information disclosure. Singh shares insights and details about this vulnerability in the Medium article.

20. 2020-01-13 01:20:27 UTC
   Link: cat ~/footstep.ninja/blog.txt
   Excerpt: The content seems to be the title of a command that suggests viewing a file named "blog.txt" located in the "~/footstep.ninja" directory. The title "The HTML5 Herald" could indicate that the content of the file may be related to HTML5 technology or news.

21. 2020-01-13 01:19:55 UTC
   Link: cat ~/footstep.ninja/blog.txt
   Excerpt: The content is titled "The HTML5 Herald" and is likely found in a file named "blog.txt" within the "footstep.ninja" directory. It suggests that the content inside the file may be related to HTML5 technology or news.

22. 2020-01-13 01:19:47 UTC
   Link: cat ~/footstep.ninja/blog.txt
   Excerpt: The content is a command line prompt to view a file named "blog.txt" located in the "footstep.ninja" directory. The title of the file is "The HTML5 Herald."