In my experience Insecure Direct Object Reference is one of the least well known vulnerabilities out there, but it’s a very simply issue to explain. It’s a vulnerability that generally leads to loss of confidential data but can result in the less of modification of data too.
Consider a URL such as: http://idor.example.com/profile?userID=793 which returns a page like:
Name: Holly Grace
Password: MyP@ssw0rdNow imagine that whilst I’m logged into my account I change the URL in the address bar to end: /profile?userID=792 and I get the following:
Name: Tiyler Swaft
Password: $up3rSecretThat’s Insecure Direct Object Reference! I’ve simply changed a parameter and I’ve been able to access data that I shouldn’t, it’s as simple as that. I think it’s an often overlooked vulnerability as first of all the parameter doesn’t have to be quite as obvious as this example and secondly because automated scanners aren’t very good at picking up on this kind of issue as they wouldn’t necessarily have the intelligence to realise that I shouldn’t be able to read Miss Swaft’s profile information.
The impact isn’t just confidential data loss though, consider URLs like:
http://idor.example.com/changePassword?userID=793 http://idor.example.com/deleteAccount?userID=793Here you could imaging the IDOR allowing for account take-over and data loss! A pretty simple vulnerability that’s based simply in an insufficient amount of authentication, where a user’s permissions are not validated before data is served.
CSRF: Cross-site Request Forgery
Often abbreviated to CSRF and often pronounced as “Sea-Surf” is an attack against a Web Application that abuses an application’s trust in the user. A threat actor’s aim is to cause a function to execute on the application using the user’s authentication credentials simply by causing the user’s browser to [...]| Play | Cover | Release Label |
Track Title Track Authors |
|---|