A1:2021 | Insecure Direct Object Reference (4) | Cycubix Docs
Last updated
Last updated
To view your own profile explicitly using a direct object reference in a RESTful application, a common pattern is to use /profile/me
. This route is typically mapped to the authenticated user's profile data, making it easily distinguishable from /profile/{userId}
paths that are used to view other users' profiles.
So, what do you think is a likely pattern to view your own profile explicitly using a direct object reference?
Look at the previous request for profile, this is similar
You will need data from the previous request for your own profile
Append your id to the previous request (i.e. .../profile/{yourId})
To find the solution we need to understand how URL parameters or paths can be manipulated to access information you should not access under normal circumstances. This is done by exploiting an Insecure Direct Object Reference (IDOR) vulnerability.
Let's start by opening the Developer Tools. Go to the "Network" tab to monitor network requests when you perform actions on the page.
Look for requests that include object IDs in the URL or request parameters.
Let's check Zap, see the path in the request.
You can know that viewing Profile is to request the URL of "WebGoat/IDOR/profile".
We know from the previous exercise that the userid is 2342384.
So, the correct answer is "WebGoat/IDOR/profile/2342384".