Insecure Direct Object Reference Vulnerability Explained (IDOR) | TryHackMe IDOR
Video No. 33 in the Web PenTesting course by the Motasem Hamdan Cyber Security & Tech channel
In this video walk-through, we covered the Insecure Direct Object Reference (IDOR) vulnerability and how to exploit it. You will learn what an IDOR vulnerability is, what it looks like, and how to find one, then work through a practical task exploiting a real-case scenario.
Writeup
https://motasem-notes.net/insecure-direct-object-reference-vulnerability-explained-idor-tryhackme-idor/
TryHackMe IDOR
https://tryhackme.com/r/room/idor
0:00 Introduction to IDOR (Insecure Direct Object Reference)
0:15 Setting Up the TryHackMe IDOR Lab
1:02 What Does IDOR Stand For?
1:14 Demonstrating an Example of IDOR
2:20 Testing URLs for IDOR Vulnerabilities
3:40 Changing Parameter Values to Exploit IDOR
4:01 Introduction to URL Encoding and Hashing
4:16 Common Encoding (Base64) and Hashing Algorithms (MD5)
4:41 Detecting IDOR with Multiple Accounts
5:16 Practical Example: Inspecting Requests
6:01 Identifying Vulnerable API Requests
7:11 Testing API for IDOR Exploits
8:20 Accessing Other Accounts via IDOR
8:52 Exposing Usernames and Emails
9:02 Questions and Answers for the Lab
10:02 Exploring Additional User Accounts
10:17 Conclusion and Key Takeaways