Insecure direct object references (IDOR)

https://gitlab.com/jobertabma/vulnerable-code/-/tree/master/idor?ref_type=heads

Step 1: Understand the Vulnerability

• The index.php script takes an id parameter from the URL and uses it to query the secrets table in the SQLite database. There is no authorization check to ensure that the user is allowed to view the secret corresponding to that id.

Step 2: Create and Run the Bash Script

1.Create the Bash Script: Create a file named run_idor.sh and add the provided Bash script to it.

#!/bin/bash

echo $1 > _tmp/strip

php -S 127.0.0.1:8080 -t idor &

open 'http://127.0.0.1:8080/'

wait

- Explanation of the Script:

• echo $1 > _tmp/strip: This line writes the first argument passed to the script into a file named strip in the _tmp directory.

• php -S 127.0.0.1:8080 -t idor &: This line starts a local PHP server on 127.0.0.1 (localhost) at port 8080, serving files from the idor directory, and runs it in the background.

• open 'http://127.0.0.1:8080/': This line opens the default web browser and navigates to http://127.0.0.1:8080/.

• wait: This line waits for the background process (the PHP server) to finish

2.Make the Script Executable: Change the script's permissions to make it executable.

chmod +x run_idor.sh

3. Run the script:

4. press on your secret (#1) and modify the url to http://127.0.0.1:8080/?id=2

Expected Outcomes:

the page will display the secret corresponding to the provided id