ckyoo

[jan2025] thm.jrpt-path. 3/n

[IDOR]

IDOR stands for Insecure Direct Object Reference and is an access control vulnerability. It occurs when an object identifier received from the user is used directly by the server without being checked or validated server-side against what that user is allowed to access.

In this link, https://onlinestore.thm/order/1000/invoice, the order number (1000) is a path segment that the user can manipulate.

One technique that was mentioned is, when the identifier in the URL is encoded, to decode and re-encode the string and determine whether there were any changes in the response.
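The point above in code, as an added example that is not part of the original post or of the TryHackMe room: a constructed invoice lookup that uses the order reference from the URL directly (the IDOR), beside a fixed handler that verifies ownership server-side. The reference is base64-encoded to show that an encoded identifier can be decoded and is therefore obfuscation, not authorization; the order numbers, owners and function names are assumptions for the example.

```python
import base64

# Constructed sample data: invoices keyed by order number, each owned by one user.
INVOICES = {
    1000: {"owner": "alice", "total": "42.00"},
    1001: {"owner": "bob", "total": "99.50"},
}


class Forbidden(Exception):
    """Raised when the requester does not own the referenced object."""


def encode_order_ref(order_id: int) -> str:
    """Encode an order number the way some apps obfuscate IDs in URLs (base64)."""
    return base64.urlsafe_b64encode(str(order_id).encode()).decode()


def decode_order_ref(ref: str) -> int:
    """Reverse of encode_order_ref: anyone can do this, so encoding protects nothing."""
    return int(base64.urlsafe_b64decode(ref.encode()).decode())


def invoice_vulnerable(session_user: str, order_ref: str) -> dict:
    """IDOR: the decoded reference is used directly and never compared with the
    logged-in user, so any valid reference returns any user's invoice."""
    order_id = decode_order_ref(order_ref)
    return INVOICES[order_id]


def invoice_secure(session_user: str, order_ref: str) -> dict:
    """Fixed handler: look the object up, then enforce ownership server-side before
    returning it. Missing and foreign orders get the same error so the response
    does not reveal whether an order number exists."""
    order_id = decode_order_ref(order_ref)
    invoice = INVOICES.get(order_id)
    if invoice is None or invoice["owner"] != session_user:
        raise Forbidden(f"{session_user} may not view order {order_id}")
    return invoice


if __name__ == "__main__":
    ref = encode_order_ref(1001)  # bob's order, as it would appear in the URL
    print("vulnerable:", invoice_vulnerable("alice", ref))  # leaks bob's invoice
    try:
        invoice_secure("alice", ref)
    except Forbidden as err:
        print("secure:", err)
```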
