#WebSecurity #IDOR A video on how Insecure Direct Object References can affect a web application. SPONSORED BY INTIGRITI - intigriti.com 🎵 Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: • Warriyo - Mortals (fea...
Your videos are super cool for learning web app security. I don't have any hesitation to recommend this channel. Please try to make more videos covering at least OWASP TOP 10
I never heard of this, but it never came to my mind, not checking the privileges of the requesting identity before returning or doing anything. But seeing how many developers are working, I'm glad videos like this exist.
This is really awesome..... You really explained everything in such an easy way...... You should definitely continue uploading more videos on web security... Surely your channel will gain more likes and subscribers... 👍👍
I once ran into a website that simply had endpoints for fetching and arbitrarily modifying any user's data, and handled all the security logic in the browser. Including comparing the entered password with the user's actual password. In cleartext, of course. Oh, and that "modify user data" endpoint? It was more like an "upload file to users directory" endpoint. Which was vulnerable to directory traversal. And since you could specify any file extension...well, let's just say they had rather Pitiful Hack Protection.
About that ending, a few ideas: maybe the delete post after the check is a non-private internal webpage you can access directly, maybe the server to use is in the request and you can send a server you control, maybe there is a SQL injection, or stored XSS.
Yes I have a question .... I play a lot of chess .. and I thank god for chess software and chess engines that allow me to practice over and over things I have learnt ... until I get more confident ... and then I like how I can increase the levels as well ... Here's my question .... I have read things and watched your video on IDOR vulnerability ... but I want to practice it ... I want to try it out myself ... and then after I have mastered an easy level I want to be able to increase to harder ones ... are there any software or websites I can buy that have like 100's of IDOR vulnerabilities that I can use software to exploit and practice all night?? Thanks.
I have accidentally found one of these in an ecommerce product info site. There was this paid version of the site that would tell you the best products, and you could see the common products for free. But you could change the id in the URL and it would not verify your account, so you could see other products you are not supposed to. The problem was the randomness of the id parameter.
Our local math competition site had this error. It was running nearly the same (PHP!) code since 2003. (It did NOT use POST requests. IT USED A GET REQUEST!!!)
Well, making these videos takes a lot of time, anywhere from 2-3 days only for editing audio and the video. The research for the topic also takes more time because I have to read a bunch of blogs, watch hour-long talks, play related CTF challenges or find some real world vuln to showcase in the video and read a bunch of writeups, which might take anywhere from 3-4 days, and on top of that I've got a day job. So putting out 2 vids a week is very hard unless.
I discovered this vulnerability once on a school website without knowing the formal name. My PDF document with my data was 501.pdf and out of instinct I wondered if there was a 500.pdf and 499.pdf
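The pattern several commenters describe (an object id taken from the URL and never checked against the requesting identity, and the 499/500/501.pdf guess), as an added Python example that is not from the video or any commenter: the vulnerable handler sits beside the fixed one, plus a small log heuristic for spotting id walking. The document store, handler names and log tuple format are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: int
    content: str

# Constructed sample store with sequential ids, like the 499/500/501.pdf case.
DOCUMENTS = {
    499: Document(499, owner_id=7, content="results for student 7"),
    500: Document(500, owner_id=8, content="results for student 8"),
    501: Document(501, owner_id=9, content="results for student 9"),
}

class NotFound(Exception):
    pass

def get_document_vulnerable(session_user_id: int, doc_id: int) -> str:
    """IDOR: the object is looked up by the client-supplied id alone; the
    requester is never compared with the owner, so any user reads any id."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc.content

def get_document_fixed(session_user_id: int, doc_id: int) -> str:
    """Same lookup, but the server-side session identity must match the
    owner. Missing and foreign objects both yield NotFound, so the response
    does not confirm which ids exist."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.owner_id != session_user_id:
        raise NotFound(doc_id)
    return doc.content

def can_read(handler, session_user_id: int, doc_id: int) -> bool:
    """True if `handler` serves the document to this session user."""
    try:
        handler(session_user_id, doc_id)
        return True
    except NotFound:
        return False

def id_enumeration_suspects(access_log, threshold: int = 3):
    """Detection heuristic over constructed (user_id, doc_id, allowed) log
    tuples: flag users denied on `threshold`+ distinct ids (id walking)."""
    denied = {}
    for user_id, doc_id, allowed in access_log:
        if not allowed:
            denied.setdefault(user_id, set()).add(doc_id)
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)
```

Returning the same NotFound for a foreign object as for a missing one is deliberate: a distinct "forbidden" answer would still tell the client that the id is in use.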