(OWASP) A4 - Insecure Direct Object Reference

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.

Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to point directly to an object. Such resources can be database entries belonging to other users, files in the system, and more. The root cause is that the application takes user-supplied input and uses it to retrieve an object without performing sufficient authorization checks.

Question 1 – What is Insecure Direct Object Reference?

Ans:- Insecure Direct Object Reference occurs when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.

Question 2 – What are the risks of Insecure Direct Object Reference?

Ans:- Insecure Direct Object Reference allows attackers to bypass authorization and access resources directly by modifying the value of a parameter used to point directly to an object. Such resources can be database entries belonging to other users, files in the system, and more. The root cause is that the application takes user-supplied input and uses it to retrieve an object without performing sufficient authorization checks.

Question 3 – How do you prevent Insecure Direct Object Reference?

Ans:- Create a map within your code that maps the objects that could be referenced internally to aliased terms which are exposed to the user.
For example:- An array of primary keys to a particular table might be mapped to a random sequence of integers. When the value is submitted by the user, the number is matched to the real value. This prevents disclosure of the actual value and also limits what the user can alter.
Example (a PHP-style map from the alias exposed to the user to the real file; the variable name is illustrative):

       // alias exposed to the user => real file on disk
       $pages = array(
           'default' => 'index.html',
           'account_summary' => 'account_summary.html',
           'user_profile' => 'user_profile.html',
       );

  • Values supplied by the user should be vetted through an access control function to verify that they do in fact have access.
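The indirect reference map from this answer, carried through in Python as an added example (not code from the original post): random per-session aliases stand in for the real keys, the vulnerable direct lookup sits beside the hardened one, and the hardened lookup still re-checks ownership. The invoice table, user names and function names are constructed for illustration.

```python
import secrets

# Constructed sample "table": primary key -> row, each row owned by one user.
INVOICES = {
    101: {"owner": "alice", "total": 42.00},
    102: {"owner": "bob", "total": 99.50},
    103: {"owner": "alice", "total": 7.25},
}


def get_invoice_direct(pk):
    """Vulnerable pattern: the client-supplied key is used as-is with no
    ownership check, so swapping one key for another reads another user's row."""
    return INVOICES.get(pk)


class Session:
    """Per-user session holding an indirect reference map (alias <-> key).
    Aliases are random, so they reveal nothing about the real keys and
    cannot be guessed or enumerated."""

    def __init__(self, user):
        self.user = user
        self._alias_to_key = {}
        self._key_to_alias = {}

    def alias_for(self, pk):
        # Issue one opaque alias per key for the lifetime of the session.
        if pk not in self._key_to_alias:
            alias = secrets.token_urlsafe(16)
            self._alias_to_key[alias] = pk
            self._key_to_alias[pk] = alias
        return self._key_to_alias[pk]

    def resolve(self, alias):
        # Unknown aliases (tampered, or issued to another session) map to None.
        return self._alias_to_key.get(alias)


def list_invoices(session):
    """Hand out aliases only for rows the current user owns."""
    return [session.alias_for(pk) for pk, row in INVOICES.items()
            if row["owner"] == session.user]


def get_invoice(session, alias):
    """Hardened lookup: resolve the alias, then still verify ownership.
    Returns None (the caller answers 403/404) when either check fails."""
    pk = session.resolve(alias)
    row = INVOICES.get(pk)
    if row is None or row["owner"] != session.user:
        return None
    return row
```

The ownership re-check in get_invoice is the access control function the bullet above calls for; the alias map limits what the user can name, the check confirms they may have it.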

DEMO - Coming Soon!

~ Hack the World and Stay Noob
