Insecure Direct Object Reference [IDOR]
Hello Hackers, welcome to my second blog on my latest vulnerability discovery in an Android application.
This time, I discovered a vulnerability known as Insecure Direct Object Reference (IDOR).
Introduction
In the world of software security, identifying and mitigating vulnerabilities is crucial to ensuring the safety and integrity of user data. One such vulnerability that can pose a significant risk to Android applications is Insecure Direct Object Reference (IDOR). In this blog post, we will explore the concept of IDOR vulnerabilities and discuss the process of finding and addressing multiple IDOR issues discovered in an Android application.
What is Insecure Direct Object Reference (IDOR)?
IDOR vulnerabilities occur when an application directly references internal objects or resources without the necessary authorisation checks, exposing sensitive data or functionality. In simple terms, a user can access or control data or actions that ought to be off limits to them. Such vulnerabilities can lead to unauthorized access, data leakage, or even account takeover if exploited by malicious actors.
The vulnerability
When I access my data within the app, the program makes a request with the userId parameter, and when that parameter is replaced with another user's ID, the app retrieves the other user's data.
Practical Time
POC:
1) Reading other users' data:
- Accessing my profile/data.
- Captured the request in Burp Suite.
- Accessing the data of another user.
2) Accessing other users' donation details
- Accessing my donation data.
- Captured my original request and response.
- Accessing another user's data.
3) Updating other users' data/information
- Updating my account information.
- Set the name that is going to be updated in the other user's account.
- Captured the original request for updating my account information.
- Changed userId and updated the other user's information.
- Successfully updated the information in the other user's account.
4) Updating the profile picture of another user
- Changing my account profile picture.
- Captured the request from my account while changing the profile picture.
- Changed userId and successfully changed the other user's profile picture.
- Profile picture successfully changed.
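All four cases above share one root cause, so the server-side fix is the same for each: take the acting user from the authenticated session and check ownership before any read or write. The sketch below is an added example, not the application's code; the in-memory store, user IDs and function names are constructed for illustration.

```python
# Added example. The store, IDs and function names are constructed.
PROFILES = {
    "1001": {"name": "alice", "donations": [50]},
    "1002": {"name": "bob", "donations": [20, 5]},
}
DENIED = []  # (session user, requested userId) pairs, kept for alerting

class Forbidden(Exception):
    """The session user may not touch the requested object."""

def get_profile_vulnerable(session_user_id, params):
    # IDOR: the client-supplied userId selects the record and is never
    # compared with the authenticated session.
    return PROFILES[params["userId"]]

def authorize(session_user_id, params):
    # Object-level check: the requested userId must be the caller's own.
    # Unknown and foreign IDs get the same error, so responses do not
    # reveal which IDs exist.
    target = str(params.get("userId", session_user_id))
    if target != str(session_user_id) or target not in PROFILES:
        DENIED.append((str(session_user_id), target))
        raise Forbidden("userId does not belong to the authenticated user")
    return target

def get_profile(session_user_id, params):
    return dict(PROFILES[authorize(session_user_id, params)])

def update_profile(session_user_id, params):
    target = authorize(session_user_id, params)
    # Only allow-listed fields are writable; userId itself never is.
    changes = {k: v for k, v in params.items() if k in ("name",)}
    PROFILES[target].update(changes)
    return dict(PROFILES[target])
```

Entries in `DENIED` are the detection signal: a session that repeatedly requests userId values other than its own is worth an alert.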
In summary, our goal as bug bounty hunters is to expose flaws that jeopardise the integrity and security of web applications. An important risk is posed by insecure direct object references (IDOR), which give attackers unrestricted access to critical resources. We can significantly contribute to keeping the digital world safer by comprehending the nature of IDOR and using efficient testing procedures.
Thank you for reading!!