DEV Community

ckq
ckq

Posted on

[jan2025] thm.jrpt-path. 3/n

[IDOR]

IDOR is an access control vulnerability, which stands for Insecure Direct Object Reference. This happens when the user input that was received is not checked or validated in server-side.

in this link, https://onlinestore.thm/order/1000/invoice there is a segment where the user can manipulate the order #.

One technique that was mentioned is to decode and encode the string and determine if there was any changes in the response.

Image description

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Immerse yourself in a wealth of knowledge with this piece, supported by the inclusive DEV Community—every developer, no matter where they are in their journey, is invited to contribute to our collective wisdom.

A simple “thank you” goes a long way—express your gratitude below in the comments!

Gathering insights enriches our journey on DEV and fortifies our community ties. Did you find this article valuable? Taking a moment to thank the author can have a significant impact.

Okay