Lab6 Access Control Vulnerabilities - IDOR

The document outlines Lab 6's focus on Insecure Direct Object References (IDOR) and their security implications for web applications. It details how IDOR vulnerabilities can be exploited by attackers to gain unauthorized access to sensitive data and perform unauthorized actions. The lab requires students to answer specific questions about IDOR, perform a challenge, and submit a report with their findings and a demonstration video.

Uploaded by daoquangviet2003


Lab 6: Access control vulnerabilities - IDOR

Objective:
- We will explore the concept of Insecure Direct Object References (IDOR) and understand how it poses a significant security threat to web applications.

Name: Đào Quang Việt
ID: HE176173
Class: IA1803-AS

In this lab, students need to:

- Answer the following questions:
  o What is an Insecure Direct Object Reference (IDOR), and how does it present a security risk in web applications?

An Insecure Direct Object Reference (IDOR) is a type of access control vulnerability that occurs when an application allows users to access or modify objects (such as database records, files, or other resources) by directly referencing them, without performing a proper authorization check on whether the requesting user is allowed to act on that particular object.
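To make the missing check concrete, the following is an added example (not code from the lab or from the original report) that models a transcript-download endpoint twice: once with the IDOR (the ID from the URL is used directly as the lookup key) and once with an ownership check against the server-side session identity. The function names, the in-memory store and the user "alice" are constructed for this illustration; "carlos" is the account named in the challenge.

```python
# Added example, not part of the original lab report: a minimal model of a
# per-object download endpoint, vulnerable and fixed. Store, users and names
# are constructed for illustration.
from dataclasses import dataclass
from typing import Optional


class Forbidden(Exception):
    """Raised when the caller is not authorised to access the object."""


@dataclass(frozen=True)
class Transcript:
    transcript_id: int
    owner: str      # username of the chat participant who owns this transcript
    text: str


# Constructed sample data: two chat transcripts belonging to different users.
TRANSCRIPTS = {
    1: Transcript(1, "carlos", "agent: your password is <placeholder>"),
    2: Transcript(2, "alice", "alice: hello\nagent: how can I help?"),
}


def download_transcript_vulnerable(current_user: str, transcript_id: int) -> Optional[str]:
    """IDOR: the ID taken from the URL is used directly as a lookup key.

    Any authenticated user can read any transcript by changing the number in
    /download-transcript/<id>.txt; `current_user` is never consulted.
    """
    record = TRANSCRIPTS.get(transcript_id)
    return record.text if record else None


def download_transcript_fixed(current_user: str, transcript_id: int) -> Optional[str]:
    """Same lookup, but the server enforces ownership before returning data.

    The authorisation decision uses the server-side session identity
    (`current_user`), never anything the client put in the URL.
    """
    record = TRANSCRIPTS.get(transcript_id)
    if record is None:
        return None                      # unknown ID: nothing to disclose
    if record.owner != current_user:
        # A production handler may prefer to answer exactly as for a missing
        # record so the existence of other users' objects is not confirmed;
        # the explicit error here keeps the check visible.
        raise Forbidden(f"{current_user} may not read transcript {transcript_id}")
    return record.text


def demo() -> dict:
    """Exercise both handlers as user 'alice' asking for carlos's transcript 1."""
    result = {"vulnerable": download_transcript_vulnerable("alice", 1)}
    try:
        download_transcript_fixed("alice", 1)
        result["fixed"] = "allowed"
    except Forbidden:
        result["fixed"] = "forbidden"
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the difference in one call: the vulnerable handler returns carlos's transcript to alice, while the fixed handler refuses it and still serves alice her own transcript 2.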

  o How can attackers exploit IDOR vulnerabilities in a website, and what are some common techniques used in such attacks?

Attackers exploit Insecure Direct Object Reference (IDOR) vulnerabilities by manipulating object references (such as user IDs, order numbers, or file names) to gain unauthorized access to data or perform actions on behalf of other users.
Some common techniques:
- Attackers modify URL parameters to access unauthorized resources.
- APIs often expose endpoints that accept object IDs, which attackers can manipulate.
  o What types of functionality or data in a website can be affected as a result of an IDOR vulnerability being exploited?

Some areas that can be affected:
- IDOR can allow attackers to view, modify, or delete user account data, leading to privacy breaches.
- Attackers can access or modify financial transactions, invoices, or credit card details.
- Companies may store confidential reports, internal documents, or private customer records that could be exposed.

- Perform challenge:
  o Insecure direct object references
- Explain and capture all steps (full windows screen capture).

Insecure direct object references

Open the live chat.

View transcript

Looking at the response for download-transcript/2.txt, we see the conversation we just had.
Send to Repeater

Since there is a 2.txt, there should also be a 1.txt; we change the number here and send the request.

We receive the earlier conversation, and it contains the password.

Try logging in to the carlos account with that password.
The lab is complete.
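From the defender's side, the walkthrough above and the "modify URL parameters" technique from the questions leave a recognisable trace: one session requesting several different object IDs from the same per-object endpoint in a short time. The following added detector (not code from the lab or the original report) replays constructed access-log lines and flags such sessions. The log format, session IDs, timestamps and the `/download-transcript/<id>.txt` path pattern are assumptions made for this example.

```python
# Added example, not part of the original lab report: flag sessions that walk
# object IDs on a per-object endpoint. Log lines and format are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log: session "s1" downloads its own transcript twice,
# half an hour apart; session "s2" requests one transcript ID after another.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z s1 GET /download-transcript/2.txt 200
2024-05-01T10:00:05Z s2 GET /download-transcript/2.txt 200
2024-05-01T10:00:09Z s2 GET /download-transcript/1.txt 200
2024-05-01T10:00:12Z s2 GET /download-transcript/3.txt 404
2024-05-01T10:00:15Z s2 GET /download-transcript/4.txt 404
2024-05-01T10:30:00Z s1 GET /download-transcript/2.txt 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<session>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3})$"
)
# Object reference embedded in the path of the endpoint under watch.
OBJECT_RE = re.compile(r"^/download-transcript/(?P<oid>\d+)\.txt$")


def parse_line(line: str) -> Tuple[datetime, str, str]:
    """Return (timestamp, session, object_id) for a matching line; raise ValueError otherwise."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsed line: {line!r}")
    obj = OBJECT_RE.match(m["path"])
    if not obj:
        raise ValueError("not a request to the watched object endpoint")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["session"], obj["oid"]


def find_enumerating_sessions(
    log_text: str, window: timedelta = timedelta(minutes=5), threshold: int = 3
) -> Dict[str, List[str]]:
    """Flag sessions that request at least `threshold` distinct object IDs within `window`.

    Returns {session: sorted IDs seen in the first window that trips the threshold}.
    """
    per_session: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, session, oid = parse_line(line)
        except ValueError:
            continue                       # other endpoints are not of interest
        per_session[session].append((ts, oid))

    flagged: Dict[str, List[str]] = {}
    for session, events in per_session.items():
        events.sort()                      # chronological order per session
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so events[start:end+1] spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            ids = {oid for _, oid in events[start : end + 1]}
            if len(ids) >= threshold:
                flagged[session] = sorted(ids, key=int)
                break
    return flagged


if __name__ == "__main__":
    for session, ids in find_enumerating_sessions(SAMPLE_LOG).items():
        print(f"session {session} requested transcripts {ids} within 5 minutes")
```

The status codes are parsed but not used for the decision; in practice a run of 404s on neighbouring IDs from the same session is a second useful signal, and the real fix remains the server-side ownership check rather than detection alone.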

Submit a report addressing all the questions mentioned above in either PDF or Markdown format. Additionally, include a video demonstrating the detailed process of your work to ensure the authenticity of your lab exercise.
The report file name must be Class_YourStudentID_YourName_Lab6
