Insecure Direct Object Reference (IDOR) Explained 

sweeeeeet!!! huge fan! love the color scheme and pace!

LiveOverFlow haxed! xD Nice video as always!

I sure hope you do not stop with these tutorials, well done. please keep up with the great content and easy to understand lessons.

I am a huge fan of the way that you end your videos... That outro is so inspiring!!

Really nice breakdown of IDOR's! Subbed!

Another great video.. few more 101 videos, and this channel will be the go to channel for learning bug bounty or web security. keep up the good work!

I'm so happy that I don't have to explain things to people in a complex way by sending random links to people! :D I'm gonna share it across!

Oh God, I'm so glad I found your channel, you explaining it and so easy to understand.. I'll sub for that

Broo, The way you explain is just super smooth and very understandable Thank you so much

Many thanks for the explanation. Very well done! Please don't stop making videos.

Love your intro and outro :D and ur content as well

Underrated channel ! Subbed ❤️

Nice tutorial, I love your UI taste

Another awesome video. Thanks.

Wouuuuuu NICE DISCOVERY! great great job! thanks

Awesome !! Video Keep posting other Web vulnerabilities video also !!! Thanks !

Awesome video again. I have to say this is gonna be best youtube channel for learning web security. Please make a video on XXE too. 😀

What a way of teaching .great

Love you brother 😍 Waiting for more ❤ keep up the good work 🙏

Your videos are super cool for learning web app security. I don't have any hesitation to recommend this channel. Please try to make more videos covering at least OWASP TOP 10

I never heard of this, but it never came to my mind, not checking the privileges of the requesting identity, before returning or doing anything. But seeing how many developers are working im glad videos like this exist.

thank you dude, this helped me so much.

Just wanna say your videos are amazing :)

Awesome video. Thank you so much

Waiting for more Such Awesome videos

This is really awesome..... You really explained everything in such an easy way...... You should definitely continue uploading more videos on web security... Surely your channel will gain more likes and subscribers... 👍👍

Awesome video!! Thanks!

awesome voice , awesome explanation , awesome colors , overall fantastic video

Nice one.. keep going. . ;) Waiting for your video on FUZZING ❤️

very well explaind.. thanks aton 👏♥️

You should continue maaaaaaaaaaan continue doing stuff like this...

Awesome videos, it's easy to learn, thanks for sharing :D

LOVE YOUR VIDS

Loved the reference to LiveOverflow!

Awesome stuff!

You explain so well!!!!

I understand idor now, thanks 😀

I once ran into a website that simply had endpoints for fetching and arbitrarily modifying any user's data, and handled all the security logic in the browser. Including comparing the entered password with the user's actual password. In cleartext, of course. Oh, and that "modify user data" endpoint? It was more like an "upload file to users directory" endpoint. Which was vulnerable to directory traversal. And since you could specify any file extension...well, let's just say they had rather Pitiful Hack Protection.

great video ... love u brother

Nice explanation. Real talk😊

Awesome...!

Splendid!.

About that ending, few ideas, maybe the delete post after the check is a non-private internal webpage you can access directly, maybe the server to use is in the request and you can send a server you control, maybe there is a sql injection, or stored xss

Great Material

i love your content

That's great!

Awesome make video like this again please

Fun fact: google images suffer from IDOR too (or at least did a year or two back)

Awesome

you're too good in explaining although i request you to make videos on all the owasp top 10

Awesome!

Amazing..

That's why always use post or raw body json as params to get or post the data.

Cool !

Pretty cool.

I love you!! Keep up the good work.. can I take your knowledge?😂

Yes I have a question .... I play alot of chess .. and I thank god for chess softwares and chess engines that allow me to practice over and over things I have learnt ... until I get more confident ... and then I like how I can increase the levels as well ... Here's my question .... I have read things and watched your video on IDOR vulnerability ... but I want to practice it ... I want to try it out myself ... and then after I have mastered an easy level I want to be able to increase to harder ones ... are there any softwares or websites I can buy that has like 100's of IDOR vulnerabilities that I can use software to exploit and practice all night?? Thanks.

It's really hard to find this vulnerability now, almost every website out there use a token or some hidden id to check against

great

Quality Video as always... it would be nice it upload owasp top10 vuln :)...

Can you explain the adding a quote thing?

U r boss, bro!

I love you man 🤗

"Most of you might add a single of double quote at the end, because it's just an OCD thing at this point" I've never heard anything more relatable

What's the application are you using for draw your slides?

you are fantastic

Managed to find an IDOR in a government webapp. Had to send this to them to explain what went wrong 😂😂😂

Waiting for mores

i have accidentally found one of these in a ecommerce prodocts info site. There was this paid version of the site that will tell you the bset products and you could see for free the common products. But you could change the id in the url and it would not verify your account so you could see other products you are not suposed to the problem was the randomes of the id parameter.

Always implement permission when making an app inorder to restrict some to access other records

So much better explanation but which music did you use at the end /????

Our local math competition site had this error. It was running nearly the same (PHP!) code since 2003. (It did NOT use POST requests. IT USED A GET REQUEST!!!)

Wow. LiveOverflow 2.0 :O

They can never access it if I wrote my own server and I didn't implemented it.

lol what is AAA anymore if someone codes the gateway like for gigo

💓

Im a big dumb but I fucking understood ! Bravo well done 😂😂

Ah the php and flask different http?post_id=9&post_id=10

make more videos please.......

Great explaining the content...keep it up buddy. Why u won't come up with 2 videos a week, would be great 🙌

Most of these vulnerabilities worked back in the early stages of MySpace.

I discovered this vulnerability once on a school website without knowing the formal name. My PDF document with my data was 501.pdf and out of instinct I wondered if there was a 500.pdf and 499.pdf

would someone tell me how to make a video like this?:)

1337 Elite By Björn Gustavsson

Lifeoverflow has literally 1337 as userid?? havent seen use of leet in a long time ;D

Next improper acces control pleasee

introducing the new apple technology... iDOOR

iDoor: next generation smart lock technology, connects to your phone, fast validation

You explain more clearly than live overflow. Not that he doesn't explain well.

When you're insecure but also direct at the same time 😳😐

😍😘😗😙😚

Your sounds looks like jack rhysider

Why is LiveOverflow always the victim.........seems intentional.

LEET!

please make video about binary exploitation 😂

Pop filter? Those "p" sounds are kinda loud and distracting

we read "joetee" not "j" "w" "t" 😊👊🏻

everyone does this in roblox

1337😍😍😍❤❤❤

aaaw