In this post, I would like to share some information on the Insecure Direct Object Reference (IDOR) vulnerability.

What is an IDOR Vulnerability?

For those who are not familiar with it, IDOR is an access control vulnerability that arises when an application uses user-supplied input (an ID, a filename, an email address) to reference an object directly, without verifying that the requesting user is actually authorised to act on that object. IDOR is most commonly associated with horizontal privilege escalation (reaching another user's data at the same privilege level), but it can also lead to vertical privilege escalation, as in the case below, where it ends with control of an administrator account.

Demonstration of an IDOR vulnerability

The demonstration below is taken from the walkthrough which can be found here.

Forgot Password Vulnerability

As mentioned in the heading above, we can click the forgot password button and check whether "admin@perspective.htb" is a valid account.

The screenshot above shows the request and response captured in Burp Suite.

Unfortunately, the password for the "admin" account cannot be reset directly. Therefore, we change our approach: we request a password reset for our own valid account and then modify the intercepted request so that it targets "admin@perspective.htb" instead.

The request above was made from our own valid account.

We change the email address in the intercepted request to admin@perspective.htb and click the Forward button in Burp Suite.

As for the security questions, we can submit a blank answer for all of them; the application accepts the reset anyway.

As a result, we can set a password of our own choosing for the admin account.

The screenshot above shows how this looks in Burp Suite.

Finally, we have successfully changed the password for the admin account.
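To make the underlying flaw in this reset flow concrete (and the general IDOR definition from the section above), here is an added example in Python. It is not code from the original walkthrough or from the target application, whose implementation is not shown; the in-memory user store, the sample accounts and passwords, the function names and the token scheme are all assumptions made for the demonstration. The vulnerable handler takes the account to reset from the client-supplied email field, exactly the trust boundary that was abused with Burp Suite above. The hardened handler instead binds the reset to a server-side, single-use token issued for the account that started the flow, ignores any email the client sends, and rejects blank security answers.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    email: str
    password: str
    security_answers: Dict[str, str]  # question -> expected answer


# Constructed sample accounts for the demo; credentials and answers are made up.
USERS: Dict[str, User] = {
    "alice@perspective.htb": User(
        "alice@perspective.htb", "alice-pass", {"pet": "rex", "city": "lima"}
    ),
    "admin@perspective.htb": User(
        "admin@perspective.htb", "original-admin-pass", {"pet": "odin", "city": "oslo"}
    ),
}


def reset_password_vulnerable(form: Dict) -> bool:
    """Vulnerable: the account to reset is whichever email the client sends.

    The server only checks that the email exists, so a user who starts a reset
    for their own account can rewrite the email field in a proxy and reset the
    admin's password instead. This is the IDOR: a user-supplied reference is
    used to pick the object, with no check that the caller owns it.
    """
    user = USERS.get(form.get("email", ""))
    if user is None:
        return False
    user.password = form["new_password"]
    return True


# --- hardened flow (assumed design, not the target application's) -------------

# token -> email; populated server-side when a reset is started.
RESET_TOKENS: Dict[str, str] = {}


def start_reset(email: str) -> Optional[str]:
    """Issue an unguessable token bound to the account that started the reset."""
    if email not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[token] = email
    return token


def _answers_match(user: User, submitted: Dict[str, str]) -> bool:
    # Every question must be answered; blanks are rejected outright, and the
    # comparison is constant-time so answers cannot be probed character by character.
    for question, expected in user.security_answers.items():
        given = submitted.get(question, "")
        if not given or not hmac.compare_digest(given.encode(), expected.encode()):
            return False
    return True


def reset_password_hardened(form: Dict) -> bool:
    """Hardened: the target account comes from the server-side token, never the form.

    Any client-supplied email is ignored, so rewriting it in a proxy changes nothing.
    The token is consumed on first use, success or failure, so the security
    questions cannot be brute-forced under a single token.
    """
    email = RESET_TOKENS.pop(form.get("token", ""), None)
    if email is None:
        return False
    user = USERS[email]
    if not _answers_match(user, form.get("answers", {})):
        return False
    user.password = form["new_password"]
    return True
```

Run against the sample store, `reset_password_vulnerable` with the email rewritten to admin@perspective.htb succeeds, while `reset_password_hardened` with a token issued for alice ignores the rewritten email and only ever changes alice's own password, and only when every security answer is present and correct.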

Let’s try to access the admin account by logging in with the credentials we set earlier.

Administrator’s Dashboard for the NPRS