10:56 pm, Wednesday, January 22, 2020

Insecure Direct Object Reference (called IDOR from here) occurs when an application exposes a reference to an internal implementation object. In doing so, it reveals the real identifier, and the format or pattern of that identifier, used for the element on the storage backend side. The most common example (although it is not limited to this one) is a record identifier in a storage system (database, filesystem and so on).
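To make the definition concrete, here is an added example (not code from the original post or from OWASP) that models a document store keyed by sequential database ids. The storage table, the user names and the request shape are all constructed for illustration. It shows the vulnerable handler that trusts a client-supplied id, next to two defences: an ownership check on every access, and a per-user indirect reference map so the real key never reaches the client.

```python
"""Minimal in-memory model of an IDOR and two defences.

Constructed example, not code from the original post or from OWASP. The
DOCUMENTS table, the users and the handler signatures are assumptions
made for illustration.
"""
import secrets

# Constructed storage backend: the real identifiers are plain sequential
# database keys, exactly the kind of reference an IDOR exposes.
DOCUMENTS = {
    1001: {"owner": "alice", "title": "alice-tax-return.pdf"},
    1002: {"owner": "bob", "title": "bob-medical-record.pdf"},
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


def get_document_vulnerable(current_user: str, doc_id: int) -> dict:
    """Vulnerable handler: trusts the client-supplied id and never checks
    who owns the record, so any authenticated user can read any document
    by changing the number in the request."""
    return DOCUMENTS[doc_id]


def get_document_checked(current_user: str, doc_id: int) -> dict:
    """Hardened handler 1: the object is still referenced by its real id,
    but every access is authorised against the record's owner."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != current_user:
        # Same error for "missing" and "not yours" so the response does not
        # reveal which ids exist.
        raise Forbidden("access denied")
    return doc


class IndirectReferenceMap:
    """Hardened handler 2: per-user indirect references. The client only
    ever sees random tokens valid for its own session; the real database
    key never leaves the server, so there is no id to tamper with."""

    def __init__(self) -> None:
        # user -> {token -> real id}
        self._maps: dict[str, dict[str, int]] = {}

    def token_for(self, user: str, doc_id: int) -> str:
        """Issue (or reuse) an opaque token for a document the user owns."""
        if DOCUMENTS.get(doc_id, {}).get("owner") != user:
            raise Forbidden("access denied")
        user_map = self._maps.setdefault(user, {})
        for token, real in user_map.items():
            if real == doc_id:
                return token
        token = secrets.token_urlsafe(16)
        user_map[token] = doc_id
        return token

    def get_document(self, user: str, token: str) -> dict:
        """Resolve a token in the caller's own map only; a token issued to
        another user (or a guessed value) resolves to nothing."""
        doc_id = self._maps.get(user, {}).get(token)
        if doc_id is None:
            raise Forbidden("access denied")
        return DOCUMENTS[doc_id]


def demo() -> dict:
    """Exercise the three handlers and report the outcome of each."""
    results = {}
    # Vulnerable: bob reads alice's document just by supplying her id.
    results["vulnerable_leak"] = get_document_vulnerable("bob", 1001)["owner"]
    # Ownership check: the same request is refused.
    try:
        get_document_checked("bob", 1001)
        results["checked_leak"] = True
    except Forbidden:
        results["checked_leak"] = False
    # Indirect references: alice's token is useless in bob's session.
    refmap = IndirectReferenceMap()
    alice_token = refmap.token_for("alice", 1001)
    results["alice_reads_own"] = refmap.get_document("alice", alice_token)["title"]
    try:
        refmap.get_document("bob", alice_token)
        results["indirect_leak"] = True
    except Forbidden:
        results["indirect_leak"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The ownership check is the defence that matters most: indirect references alone hide the id format but do not replace authorisation, which is why `token_for` still verifies ownership before issuing a token.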

Learn more about IDOR via the OWASP Cheatsheet.

Some links about IDOR:

Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE)

How I could delete Facebook Ask for Recommendations post’s place objects in comments

Stories Of IDOR-Part 2

Inf0rM@tion Disclosure via IDOR

GraphQL IDOR leads to information disclosure

cat ~/footstep.ninja/blog.txt

HTTP Request Smuggling + IDOR
