Portswigger - Access Control - Lab #9 Insecure direct object references (IDOR)
Hello Hackers, this video covers insecure direct object references (IDOR). You will see how to exploit, discover and find sensitive information that the application's logic flow leaks for potential attacks, using Burp Suite in a lab from Web Security Academy powered by Portswigger.

⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️

0:00 - About the Lab
0:25 - What's IDOR?
2:31 - Test live chat
3:38 - Check View Transcript button
4:30 - Test /download-transcript endpoint
5:47 - Login as Carlos user

🔍 About the Lab
Lab: Insecure direct object references
Level: Apprentice
This lab stores user chat logs directly on the server's file system, and retrieves them using static URLs.

🔗 Resources
Insecure Direct Object Reference Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/ch...
OWASP Top 10: https://owasp.org/www-project-top-ten/

✅ What to do?
1. Select the Live chat tab.
2. Send a message and then select View transcript.
3. Review the URL and observe that the transcripts are text files assigned a filename containing an incrementing number.
4. Change the filename to 1.txt and review the text. Notice a password within the chat transcript.
5. Return to the main lab page and log in using the stolen credentials.

Thank you for watching my video. If you have any questions or any topic recommendations, feel free to write them in the comments below 🙋

#WebSecurityAcademy #portswigger #vulnerability
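The flaw behind the steps above, next to the server-side check that closes it, as an added example that is not code from the video or from the lab. The store layout, the user names `alice` and `bob`, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample store: transcript filename -> (owner, text).
TRANSCRIPTS = {
    "1.txt": ("bob", "constructed transcript owned by bob"),
    "2.txt": ("alice", "constructed transcript owned by alice"),
}
FILENAME_RE = re.compile(r"[0-9]+\.txt")  # only the numbered names the app issues
DENIED = []  # (user, filename) pairs kept for monitoring


class NotFound(Exception):
    """Raised for missing AND not-owned files, so replies do not confirm ids."""


def download_transcript_vulnerable(session_user, filename):
    # The behaviour the lab describes: the filename from the URL is the
    # only lookup key, and the caller's identity is never consulted.
    _owner, text = TRANSCRIPTS[filename]
    return text


def download_transcript_checked(session_user, filename):
    # 1. Accept only the filename shape the application itself generates.
    if not FILENAME_RE.fullmatch(filename):
        raise NotFound(filename)
    record = TRANSCRIPTS.get(filename)
    # 2. Authorize against the server-side session, never a client value.
    if record is None or session_user is None or record[0] != session_user:
        DENIED.append((session_user, filename))
        raise NotFound(filename)
    return record[1]


def sequential_probe_suspects(denied, threshold=3):
    # A user denied on several distinct numbered files is walking the
    # incrementing names; return those users for review.
    seen = {}
    for user, name in denied:
        seen.setdefault(user, set()).add(name)
    return sorted(u for u, names in seen.items() if u and len(names) >= threshold)
```

Issuing unguessable transcript identifiers makes the names harder to walk, but the ownership check is what actually enforces access.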