In this post, I would like to share some information on the Insecure Direct Object Reference (IDOR) vulnerability.

What is IDOR Vulnerability?

For those who are not familiar with IDOR, it is an access control vulnerability that arises when an application uses user-supplied input to access an object directly, without checking that the requesting user is authorised for that object. IDOR is most commonly associated with horizontal privilege escalation, but it can also arise in relation to vertical privilege escalation.

Demonstration of IDOR vulnerability

The demonstration of the IDOR vulnerability below comes from the walkthrough, which can be found here

Forgot Password Vulnerability

As mentioned in the heading above, we can click the forgot password button and test it against a valid account, “admin@perspective.htb”.


The screenshot above shows the request and response in Burp Suite.

Sadly, the password for the “admin” account cannot be reset this way at all. Therefore, we need to change our approach: we request a password reset for our own valid account and then modify the request to target the “admin@perspective.htb” account.

The request above comes from our valid account


We need to change the email address to admin@perspective.htb and click the forward button.


As for the security question, we can enter a blank answer for all questions.


As a result, we can set a password of our own choosing for the admin account.


The screenshot above shows how this looks in Burp Suite.


Finally, we have successfully changed the password for the admin account.
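To show why this reset flow fails and what the fix looks like, here is an added example (not code from the post or from the target application): a simplified Python model of the final reset step, with the vulnerable handler beside a hardened one. The account names, security answers and function names are constructed; the hardened version binds the reset to a server-side single-use token issued for the account that started the flow, so the email in the request body is never trusted, and it rejects blank answers.

```python
import hmac
import secrets


def make_accounts():
    """Constructed sample accounts (not from the original post). A real system
    stores password hashes and hashed answers; plaintext is kept for the demo."""
    return {
        "user@example.htb": {"password": "user-pass", "answers": ["blue", "rex"]},
        "admin@example.htb": {"password": "admin-pass", "answers": ["red", "fido"]},
    }


def reset_vulnerable(accounts, form):
    """Vulnerable final step: the account is chosen from the email field in the
    request body, and blank answers are simply skipped (assumed cause of the
    behaviour seen in the walkthrough)."""
    acct = accounts.get(form["email"])             # Bug 1: attacker-controlled identifier
    if acct is None:
        return "no such account"
    for given, expected in zip(form["answers"], acct["answers"]):
        if given and given != expected:             # Bug 2: an empty answer never fails
            return "wrong answer"
    acct["password"] = form["new_password"]
    return "reset"


def start_reset(accounts, tokens, email):
    """Hardened step 1: bind a random single-use token to the requested account."""
    if email not in accounts:
        return None
    token = secrets.token_urlsafe(32)
    tokens[token] = email
    return token


def reset_secure(accounts, tokens, token, answers, new_password):
    """Hardened final step: the account comes only from the server-side token;
    every answer must be present and must match (constant-time comparison)."""
    email = tokens.pop(token, None)                 # consumed on any attempt, so single use
    if email is None:
        return "invalid token"
    expected = accounts[email]["answers"]
    if len(answers) != len(expected) or any(not a for a in answers):
        return "wrong answer"
    if not all(hmac.compare_digest(a.encode(), e.encode()) for a, e in zip(answers, expected)):
        return "wrong answer"
    accounts[email]["password"] = new_password
    return "reset"
```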


Let’s try to access the admin’s account by entering the credentials that we modified earlier.

Administrator’s Dashboard for the NPRS