Get IDOR In No Permission To Access Page

Summary

Kerstan, a bug bounty hunter, shares their experience of discovering an Insecure Direct Object References (IDOR) vulnerability on a website's restricted module by fuzzing the 'templatetypeid' parameter.

Abstract

In the latest installment of Bug Bounty Tuesday, Kerstan recounts their journey of uncovering an IDOR vulnerability on a target website. Despite initial challenges in finding exploitable areas, Kerstan persisted and utilized Burp Suite's Repeater to test the site's features after registering an account. The breakthrough came when they examined the data packets in detail, leading to the discovery of the 'templatetypeid' parameter within the module's path. By fuzzing this parameter, Kerstan successfully bypassed the permission restrictions and accessed the webpage, demonstrating the IDOR vulnerability. After documenting the findings, Kerstan reported the vulnerability, contributing to the security of the website. The article also includes visual aids and invites readers to support the author by clapping, following, or buying them a coffee.

Opinions

Kerstan believes in the importance of persistence and detailed analysis during bug hunting, emphasizing that initial lack of success should not deter further exploration.
The author values the sharing of knowledge and experiences within the bug bounty community, as evidenced by their invitation for readers to engage with their latest articles on Bug Bounty Tuesday.
Kerstan appreciates any form of support from the community, whether it's through engagement with their content or direct contributions via platforms like Buy Me A Coffee.
The author suggests that fuzzing parameters can be a key strategy in uncovering IDOR vulnerabilities, even in areas that appear to be secure and inaccessible without proper permissions.

Get IDOR In No Permission To Access Page — Bug Bounty Tuesday

Hello everyone, I’m Kerstan.

Today is Bug bounty Tuesday, I will share with you how to get a IDOR bug in no permission to access page.

So, let’s dive right in.

Image generated with PaintingForYou

During the bug bounty process, I encountered a target. After an initial round of information gathering about the target, I was unable to find any exploitable areas.

So, I began testing the various features of the website. I registered an account and logged in with it to view the site’s content.

After repeatedly testing with Burp Suite’s Repeater, I discovered a module which couldn’t be accessed without permission.

I felt that it should be possible to attempt a breakthrough, so I checked the burp data packets in detail, as follows:

Upon identifying the ‘templatetypeid’ parameter within the data packet, I thought of probing the current module’s path as ‘/template’, therefore leading me to conceive “/template?templatetypeid=fuzz”.

After fuzzing the parameter values, as anticipated, I successfully exploited Insecure Direct Object References (IDOR) to access the webpage. Subsequently, I compiled the report and reported this vulnerability.

If this writing has been helpful to you, please consider giving it a clap and following. Thanks bro.

Alternatively, you can just buy me a coffee here, any sort of support is much appreciated. Enjoy your reading.

If you want to learn more knowledge about Bug Bounty Tuesday, please be sure to take a look at my latest articles.

Get IDOR In No Permission To Access Page — Bug Bounty Tuesday

Get IDOR In No Permission To Access Page — Bug Bounty Tuesday

How To Get A XSSI Bug In Bug Bounty — Bug Bounty Tuesday

Account Takeover on International Exchange — Bug Bounty Tuesday

URL Redirection To DOM XSS on Hackerone Programs — Bug Bounty Tuesday

How I Discovered SSRF on Hackerone Program

How I Automatically Discovered SSRF on Hackerone Program

Subscribe Here.