How I hacked into a college's website to obtain the students' database.
Hello everyone!
I hope everything is well.
Today, I'll discuss my research. Before the tale begins, let's take a closer look at the vulnerability class behind these findings.
IDOR:
When an application uses user-supplied input to access objects directly, the result is an access control vulnerability known as an insecure direct object reference (IDOR).
"IDOR" stands for Insecure Direct Object Reference, a security flaw frequently discovered in web applications. It occurs when an application permits direct access to internal resources or objects without the necessary authorisation or validation. Attackers may take advantage of this flaw to gain unauthorised access to data or manipulate sensitive resources.
So let's start.
After logging in with valid credentials, you are redirected to the Profile page. Now intercept the request with Burp Proxy.
You can see the student ID in the request, so let's change the ID and see whether it works or not.
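To make the flaw concrete from the application side, here is an added example (not code from the original post or from the college's site) of a minimal profile endpoint. It shows the pattern the post describes, a lookup that trusts the client-supplied student ID, beside a fixed version that checks the ID against the authenticated session, plus a small log scan a defender can use to spot cross-user reads. The student table, session store, and access-log lines are constructed for illustration.

```python
"""Added example: IDOR in a profile lookup, the authorization-checked fix,
and a simple detection over access logs. All data is constructed."""

from urllib.parse import urlparse, parse_qs

# Constructed student table keyed by student ID.
STUDENTS = {
    "1001": {"name": "Alice", "email": "alice@example.edu"},
    "1002": {"name": "Bob", "email": "bob@example.edu"},
}

# Constructed session store: session token -> authenticated student ID.
SESSIONS = {
    "sess-alice": "1001",
    "sess-bob": "1002",
}


def get_profile_vulnerable(session_token, requested_id):
    """Vulnerable handler: authenticates the session, then fetches whatever
    record the client asked for. Any logged-in student can read any profile.
    Returns an (http_status, body) pair like a web framework would."""
    if session_token not in SESSIONS:
        return 401, None
    record = STUDENTS.get(requested_id)
    return (200, record) if record else (404, None)


def get_profile_fixed(session_token, requested_id):
    """Fixed handler: the requested ID must belong to the session owner.
    The object lookup is bound to the authenticated identity, not to input."""
    owner_id = SESSIONS.get(session_token)
    if owner_id is None:
        return 401, None
    if requested_id != owner_id:
        # Authenticated but not authorized for this object.
        return 403, None
    record = STUDENTS.get(requested_id)
    return (200, record) if record else (404, None)


# Constructed access-log lines: "<session> <method> <path> <status>".
ACCESS_LOG = [
    "sess-alice GET /profile?id=1001 200",
    "sess-alice GET /profile?id=1002 200",
    "sess-alice GET /profile?id=1003 200",
    "sess-bob GET /profile?id=1002 200",
]


def flag_cross_user_reads(log_lines, sessions):
    """Detection: map each successful profile read back to the session's own
    student ID and report sessions that fetched someone else's record.
    Returns {session_token: set(of foreign IDs read)}."""
    flagged = {}
    for line in log_lines:
        token, _method, path, status = line.split()
        if status != "200":
            continue
        requested = parse_qs(urlparse(path).query).get("id", [""])[0]
        owner = sessions.get(token)
        if owner is not None and requested != owner:
            flagged.setdefault(token, set()).add(requested)
    return flagged


if __name__ == "__main__":
    print("vulnerable:", get_profile_vulnerable("sess-alice", "1002"))
    print("fixed:     ", get_profile_fixed("sess-alice", "1002"))
    print("flagged:   ", flag_cross_user_reads(ACCESS_LOG, SESSIONS))
```

The fix keeps the URL shape the same; what changes is that the handler derives the permitted object from the session rather than trusting the `id` parameter. The log scan only works because the session store records which student each session belongs to, which is the same fact the fixed handler relies on.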