Hello all… Today, I will be sharing with you how I discovered an IDOR vulnerability on a government website.
So what is IDOR?
Insecure Direct Object Reference (IDOR) vulnerabilities are a common security flaw in which applications unintentionally expose sensitive internal objects such as files, databases, and user details.
Let's see what I found and how!
While searching on Shodan, I stumbled upon an IP address that belonged to the government of Singapore. From there, I discovered the domain (call it domain.org) and began looking for subdomains, eventually using the Firefox extension “Open multiple URL” to open them all at once.
While browsing the tabs, I discovered a sign-up page on a subdomain xyz.domain.org for users and created an account to access the dashboard. However, when I clicked on “My profile” it took me to the profile of the superadmin with an ID of “/profile/edit/1”, where I could view personal details such as email, address, phone number, and location, but not edit them :(
After experimenting with different ID values, I eventually found my own profile at “/profile/edit/52”. Still, I quickly reported this vulnerability to the main domain’s “Report vulnerability” link on HackerOne and got accepted :)
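To make the root cause concrete, here is an added example (not code from the post or from the affected site) of a profile-edit handler with the same flaw, next to a hardened version and a small log check a defender could run. The route `/profile/edit/<id>` and the ids 1 and 52 come from the post; everything else (the `Profile` and `Session` types, the in-memory `PROFILES` table, the sample access log, the `superadmin` role name) is constructed for illustration. The vulnerable handler trusts the id in the URL; the hardened one requires that the caller own the record or hold an admin role, and the `my_profile` route resolves the record from the session so the dashboard link never needs an id at all.

```python
"""Constructed IDOR example: a profile-edit route, its fix, and a detection check."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

@dataclass(frozen=True)
class Profile:
    id: int
    owner_id: int
    email: str
    phone: str

@dataclass(frozen=True)
class Session:
    user_id: int
    role: str  # "user" or "superadmin" (assumed role names)

# Constructed data store: id 1 is the superadmin, id 52 an ordinary user (ids as in the post).
PROFILES: Dict[int, Profile] = {
    1: Profile(1, 1, "admin@example.invalid", "+00 000 0001"),
    52: Profile(52, 52, "user52@example.invalid", "+00 000 0052"),
}

Response = Tuple[int, Optional[Profile]]  # (HTTP status, body)

def profile_edit_vulnerable(session: Session, profile_id: int) -> Response:
    """GET /profile/edit/<id> with the flaw: only authentication is checked, not authorization.

    Any logged-in user can read any profile simply by changing the id in the URL."""
    profile = PROFILES.get(profile_id)
    return (404, None) if profile is None else (200, profile)

def profile_edit_hardened(session: Session, profile_id: int) -> Response:
    """Same route with an object-level authorization check.

    The record is returned only if the caller owns it or is a superadmin. Denied and
    missing records both yield 404 so the response does not reveal which ids exist."""
    profile = PROFILES.get(profile_id)
    if profile is None:
        return (404, None)
    if profile.owner_id != session.user_id and session.role != "superadmin":
        return (404, None)
    return (200, profile)

def my_profile(session: Session) -> Response:
    """GET /profile/me: resolve the record from the session instead of a client-supplied id.

    This is the shape a "My profile" link should take; there is no id to tamper with."""
    for profile in PROFILES.values():
        if profile.owner_id == session.user_id:
            return (200, profile)
    return (404, None)

# Constructed access-log lines in an assumed format: time, acting user, method, path, status.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z user=52 GET /profile/edit/1 200
2024-01-01T10:00:02Z user=52 GET /profile/edit/2 200
2024-01-01T10:00:03Z user=52 GET /profile/edit/3 200
2024-01-01T10:00:09Z user=52 GET /profile/edit/52 200
2024-01-01T10:05:00Z user=7 GET /profile/edit/7 200
""".splitlines()

LOG_RE = re.compile(r"user=(\d+) GET /profile/edit/(\d+) 200")

def flag_enumeration(lines: Iterable[str], threshold: int = 3) -> Dict[int, Set[int]]:
    """Detection heuristic: users who successfully fetched >= threshold profiles not their own.

    Returns {user_id: set_of_foreign_profile_ids} for every user over the threshold."""
    foreign: Dict[int, Set[int]] = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        user_id, profile_id = int(m.group(1)), int(m.group(2))
        if profile_id != user_id:
            foreign.setdefault(user_id, set()).add(profile_id)
    return {u: ids for u, ids in foreign.items() if len(ids) >= threshold}

if __name__ == "__main__":
    attacker = Session(user_id=52, role="user")
    print("vulnerable:", profile_edit_vulnerable(attacker, 1))
    print("hardened:  ", profile_edit_hardened(attacker, 1))
    print("flagged:   ", flag_enumeration(SAMPLE_LOG))
```

The detection function uses the simple rule that an ordinary user's successful reads of profile ids other than their own are suspicious once they pile up; in a real deployment the owner mapping would come from the database rather than from the id equalling the user id, and the threshold would be tuned to the application's legitimate admin traffic.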
This is a short summary of how I found an IDOR vulnerability. Thank you for your time, and happy hunting! ❤