Videos

Published on May 30th, 2019 📆 | 7995 Views ⚑

0

Bug Bounty : Account Takeover with IDOR vulnerability on live website

iSpeech.org

Get the Full Article on : https://catchthebugs.com/

In this video, I am have demonstrated you how to test for Insecure Direct Object Reference (IDOR) vulnerability in a web application.

IDOR vulnerability is found in an application when an internally implemented object is displayed to users without any kind of access control. The internally object can be a file, user ID or database key. Using those objects, the attacker may get other critical and unauthorized data. The attacker sometimes can even take over other user’s account.

IDOR vulnerability allows a hacker to get access to data of other users manipulating a registered user's account ID.

Disclaimer : This is just for demonstration, don’t use the website for bad purpose. If you damage or takeover someone’s account and cause any harm, you will be fully responsible for that.

2019-05-30 15:06:58

source

Tagged with: account • bounty • takeover • vulnerability • website

Comments are closed.

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Popular
- Debian Security Advisory 5664-1 – Torchsec by Admin April 18, 2024 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5664-1 security@debian.orghttps://www.debian.org/security/… (9)
- Google Sues App Developers Over Fake Crypto… by Admin April 8, 2024 Apr 08, 2024NewsroomInvestment Scam / Mobile Security Google has filed… (8)
- Red Hat Security Advisory 2024-1687-03 – Torchsec by Admin April 9, 2024 The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1687.jsonRed Hat officially shut… (8)
- Open Source Medicine Ordering System 1.0 SQL… by Admin April 8, 2024 # Exploit Title : Open Source Medicine Ordering System v1.0… (7)
Gloss
- vikierm on Red Hat Security Advisory 2024-2639-03 – Torchsec
- vilianashf on Ubuntu Security Notice USN-6759-1 – Torchsec
- vikikmg on Ubuntu Security Notice USN-6761-1 – Torchsec
- vikiofb on Ubuntu Security Notice USN-6729-3 – Torchsec
- Irinvff on Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
- MichailmoeYI on Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
- MichailmoeYI on Ubuntu Security Notice USN-6745-1 – Torchsec
- EdithImpagGE on Red Hat Security Advisory 2024-1882-03 – Torchsec
- EdithImpagGE on Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference – Torchsec
- RaphaelImpomWM on Gentoo Linux Security Advisory 202403-04 – Torchsec
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Janet Ruggiero
  
  registered 12 hours, 24 minutes ago
- Ted Daigre
  
  registered 1 day, 16 hours ago
- Abraham Wingate
  
  registered 1 day, 17 hours ago
- Krystle Bogner
  
  registered 1 day, 19 hours ago
- Deanna Waterhouse
  
  registered 2 days, 4 hours ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- Hardware
  
  active 12 hours, 23 minutes ago
- Pentest Tutorials
  
  active 12 hours, 23 minutes ago
- Pentest Tools
  
  active 12 hours, 23 minutes ago
- Gaming
  
  active 12 hours, 23 minutes ago
- Embedded Systems, Electronics, Gadgets, and DIY
  
  active 12 hours, 23 minutes ago
linktr.ee/obewyn

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

Archives

© Torchsec Privacy Policy Disclaimer T&C

Back to Top ↑