Insecure Direct Object Reference (4)
Guessing & Predicting Patterns
View Your Own Profile Another Way
The application we are working with seems to follow a RESTful pattern so far as the profile goes. Many apps have roles in which an elevated user may access content of another. In that case, just /profile won't work, since the user's own session/authentication data won't tell us whose profile they want to view. So, what do you think is a likely pattern to view your own profile explicitly using a direct object reference?
Solution
💡 Look at the previous request for profile, this is similar
💡 You will need data from the previous request for your own profile
💡 Append your id to the previous request (i.e. .../profile/{yourId})
Open the Development Tools in the browser, and go to the Network tab.
In lesson 3, click on View Profile.
Locate the request to the profile endpoint in the Network tab and click on Response. Note the userID field in the JSON response body: the expected answer is the same path with that value appended, i.e. WebGoat/IDOR/profile/{userID value}.
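The two halves of the lesson in code, as an added example that is not part of WebGoat or this write-up: building the direct object reference from the userId returned by the session-bound profile request, and, server-side, why the pattern matters. The response body, user ids, names and the "admin" role below are constructed for the example; the JSON field name is assumed to be `userId`.

```python
"""Added example (not WebGoat's code and not from the original page).

1. direct_reference_path: take the JSON returned by the session-bound
   /WebGoat/IDOR/profile request and append its userId to the same path.
2. profile_vulnerable / profile_hardened: a lookup driven only by the id
   in the URL is the IDOR; the hardened form ties the lookup to the
   caller's session (or an elevated role).
All ids, names, the field name "userId" and the "admin" role are assumptions.
"""
import json

# Constructed sample of the body returned by the earlier session-bound
# profile request (the userId value is made up for the example).
SAMPLE_PROFILE_RESPONSE = json.dumps({
    "userId": "1001",
    "name": "Tom Cat",
    "color": "yellow",
    "size": "small",
})

PROFILE_PATH = "WebGoat/IDOR/profile"


def direct_reference_path(response_body: str, base_path: str = PROFILE_PATH) -> str:
    """Append the caller's own userId to the earlier request path.

    Same endpoint, with the object identifier made explicit in the URL
    instead of implied by the session.
    """
    body = json.loads(response_body)
    user_id = str(body["userId"])
    # Refuse anything that is not a plain numeric id so a crafted response
    # cannot smuggle path separators or query strings into the URL we build.
    if not user_id.isdigit():
        raise ValueError("unexpected userId format: %r" % user_id)
    return f"{base_path}/{user_id}"


# Constructed server-side store: userId -> profile. Two users so that the
# ownership check has something to reject.
PROFILES = {
    "1001": {"userId": "1001", "name": "Tom Cat"},
    "1002": {"userId": "1002", "name": "Jerry Mouse"},
}


def profile_vulnerable(session_user_id: str, path_user_id: str):
    """IDOR: the id in the URL drives the lookup; the session is ignored."""
    return PROFILES.get(path_user_id)


def profile_hardened(session_user_id: str, session_role: str, path_user_id: str):
    """Authorize the reference before resolving it.

    The caller may read their own profile, or any profile when their
    session carries the (assumed) "admin" role. Returns None when the
    request is denied; a real handler would answer 403.
    """
    if path_user_id != session_user_id and session_role != "admin":
        return None
    return PROFILES.get(path_user_id)


if __name__ == "__main__":
    print(direct_reference_path(SAMPLE_PROFILE_RESPONSE))
    print(profile_vulnerable("1001", "1002"))
    print(profile_hardened("1001", "user", "1002"))
```

The `direct_reference_path` result is exactly the answer format the lesson expects, with the userID value taken from the previous response rather than typed in. The contrast between the two handlers is the point of the next lessons: once the id is in the URL, only a server-side ownership or role check stops one user from substituting another user's id.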