Your content is amazing. I'm a beginner to bug bounty hunting and I have learned a lot things from you. I really appreciate your content and your contribution to the community. Thank you Katie..
Informative..!!..Please also add link of related videos in the description..it would help people like me as I haven't seen that "firefox containers" video. Thanks for the video..💖
Yes if you are accessing your own account, here the cookie trick is to change the cookies to act like you are logged into one account but you can change another!
Hello Katie, First of all thank you so much for providing us such information. I've a question I was hunting on a bug bounty platform and I found a end point which is vulnerable to IDOR cookie manipulation as I interchanged the cookie of two account and it worked but the triage team responded by marking it as NON-APPLICABLE as they quoted "It's not worth it as you have to have cookies of both attacker as well as victim account" can you tell me if it's a Valid bug or it needs to land on NON APPLICABLE category...? Thanks agian.
Because when you use an endpoint with cookie A you’re affecting user A and with user Bs cookie you’re affecting user B. That is how it’s supposed to work and it’s intentional.
please i want this video How to become a cyber security analyst full road map Topic is after 12 what should I do, with BCA, skills , course, jobs , salary, which is best and which in demand in future ( Web Exploitation, Cryptography, Reverse Engineering, Forensics, General Skills, Binary Exploitation) Almost full road map Please 🙏🙏
Hi Priyam, it's hard to give you a roadmap without knowing you well, but this I think is a REALLY good graph - www.linkedin.com/pulse/map-cybersecurity-domains-version-20-henry-jiang-ciso-cissp as for what to learn it completely depends on what interests + excites you! Any jobs in security are going to be in demand so the world is your oyster!
Just FYI. in the IDOR videos of yours that I've watched, you've never explained what IDOR stands for. Looks like it's Insecure direct object reference. Learned about you from The Cyber Mentor (TCM).
An IDOR occurs when one user (B) can access something they shouldn't, eg something on another user (A)'s account. So to test for that we do something on A's account, then repeat the request changing the cookies from A->B, if that then impacts As account, it means you could login as anyone and access anyones stuff.
Im confused a little bit. Sorry. What if the cookie of user A contains user 's credentials like user id encoded in it. So if i will change the request of user B' s cookie to uaer A's cookies, it would be just like User A is sending the request right? So it's not an idor if that's the case right?
Hey Katie ! Let's say I have found a cookie based IDOR , but this falls in the category of MITM because you have to steal cookies first !🤔 Is this an false positive ?
Is there any getting started video for any platform like hackerone, bugcrowd. I mean how to setup account ,start real target and report issue like that. Thank you