- Testing for Insecure Direct Object References (WSTG-ATHZ-04)
- https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/
Vulnerability description for reporting available in VulnDB (GitHub)
How to test
Intercept requests with Burp and modify the parameters that reference objects to check whether data belonging to other clients can be accessed.
To find the injection point in a request, use Burp Suite's Comparer tool. Right-click the request and choose "Send to Comparer". Then create the same request for another object and send it to Comparer as well.
Open the Comparer tab and click the "Words" button; the resulting window highlights the points where the two requests differ.
Examples
A client accesses information belonging to other clients, usually by changing an identifier such as a document ID.
An API endpoint such as /messages/5955, where 5955 is a message the client is allowed to see. Change the message ID to one belonging to another client and check whether the server returns it.
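The /messages/&lt;id&gt; case above, shown from the server side as an added example (not code from the original page): a lookup that fetches the object by ID alone, beside the hardened form that binds the lookup to the authenticated client. The message store, owner IDs and function names are constructed for this illustration.

```python
"""Added example: an IDOR-prone message lookup beside its hardened form.

The data store, owner ids and handler names are constructed for this
illustration; they are not taken from any real project.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    message_id: int
    owner_id: int
    body: str


# Constructed sample data: messages belonging to two different clients.
MESSAGES = {
    5955: Message(5955, owner_id=1, body="hello from client 1"),
    5956: Message(5956, owner_id=2, body="private note of client 2"),
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


def get_message_vulnerable(current_user_id: int, message_id: int) -> Message:
    """IDOR: the object is fetched by id alone. The authenticated user is
    never compared with the message owner, so a client who changes the id
    in /messages/<id> receives another client's message."""
    return MESSAGES[message_id]


def get_message_hardened(current_user_id: int, message_id: int) -> Message:
    """Fix: bind the lookup to the authenticated principal. A missing object
    and an object owned by someone else are answered identically, so the
    response does not reveal whether the id exists."""
    msg = MESSAGES.get(message_id)
    if msg is None or msg.owner_id != current_user_id:
        raise Forbidden(f"message {message_id} is not accessible")
    return msg


def is_idor_detected(handler, user_id: int, foreign_message_id: int) -> bool:
    """Regression check mirroring the manual test above: does a client
    requesting an id that belongs to someone else get the object back?"""
    try:
        handler(user_id, foreign_message_id)
    except (Forbidden, KeyError):
        return False
    return True
```

The `is_idor_detected` helper is the shape of an automated regression test for this class of bug: run it for every object-returning endpoint with a second client's ID and fail the build if any handler returns the object.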