Did you donate blood? Your certificate in IKP had a predictable identifier
One of the basic web application vulnerabilities is IDOR (Insecure Direct Object Reference). It occurs when an application exposes direct references to objects (e.g. resources) based on an identifier supplied by the user, without properly verifying access permissions. In practice this means that, to gain access to a resource, it may be enough to know (or...
#Aktualności #Teksty #IDOR #Ikp #Konto #Pacjent #Websec
https://sekurak.pl/oddawales-krew-twoje-zaswiadczenie-w-ikp-mialo-przewidywalny-identyfikator/
Privilege Escalation Is Everything: 12 Real-World Chains That Lead to Full Account Takeover
This article discusses a collection of 12 privilege escalation chains that culminated in full account takeovers. The researcher identified and combined multiple vulnerabilities, including authentication bypass, authorization flaws, and information disclosure issues to gain elevated access. By exploiting these chained vulnerabilities, they obtained administrative privileges or compromised high-value accounts. For instance, one case involved an account with read-only permissions on a vulnerable forum platform. Leveraging IDOR (Insecure Direct Object References), the researcher manipulated post IDs to access other users' posts and gain write access. This allowed them to modify the password of a privileged user, escalating their own permissions. The impact was significant, as full account takeover often led to data breaches or unauthorized actions. No bounty amounts were disclosed in this article. To prevent such chains, validate inputs on multiple layers and implement least privilege principles for accounts and permissions. Key lesson: Vulnerabilities don't need to be critical; combining multiple issues can lead to serious consequences. #BugBounty #PrivilegeEscalation #Cybersecurity #WebSecurity #IDOR
🚨 Alleged breach targets Spain’s Ministry of Science
Threat actor claims IDOR flaw exposed passports, DNI/NIE records & financial data.
IDOR Lets Attackers Choose Your Payment Method
This article describes an IDOR (Insecure Direct Object Reference) vulnerability in a booking platform's payment flow. By modifying the booking_id parameter from one request to another, the researcher was able to force a different user's booking to use unavailable payment methods, such as Swish. This bypassed the core business logic that should have restricted specific services and stores to their appropriate payment options. To mitigate this issue, ensure thorough validation of all object references (booking_id, user_id, etc.) in requests and test state transitions and cross-context requests during security testing. Key lesson: Treat every object reference as a potential vulnerability. #BugBounty #IDOR #WebSecurity #PaymentFlow
How someone's Firefox account could be deleted – an IDOR vulnerability in Mozilla's API
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in Mozilla's API that allowed an authenticated attacker using OAuth (e.g. signing in with a Google account) to delete the account of another user registered via OAuth, knowing only that user's e-mail address. The server did not verify that the session sending the deletion request belonged to the account that was to be deleted. TLDR:...
#Aktualności #IDOR #Podatność #Websec
https://sekurak.pl/jak-mozna-bylo-usunac-czyjes-konto-firefox-podatnosc-idor-w-api-mozilli/
🔐 A short article on Secure Coding: a hands-on guide to fixing IDOR, insecure file upload and SQL Injection vulnerabilities through lab examples. Very useful for developers who want to improve the security of their code. #SecureCoding #BảoMật #IDOR #SQLInjection #FileUpload #LậpTrình
🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - all fixed, $10k bounty
What I found:
The good news: Taimi actually handled this right. Fast response, $10k bounty, everything fixed quickly. No lawyers, no threats.
This is how disclosure should work. Take notes, Lovense.
Full writeup: https://bobdahacker.com/blog/taimi-idor
#InfoSec #BugBounty #ResponsibleDisclosure #IDOR #Taimi #DatingApp #Security #Privacy #CyberSecurity #LGBTQ
I just completed Corridor room on TryHackMe. Can you escape the Corridor? #IDOR
https://tryhackme.com/room/corridor?utm_campaign=social_share&utm_medium=social&utm_content=room&utm_source=twitter&sharerId=60cb2598c59a6e0042c78aed #tryhackme via @RealTryHackMe
HTB Season Gacha | MonitorsFour — The full path from IDOR to Docker Desktop escape (WSL2) and root
Continuing the series of write-ups for the Season of the Gacha event on HackTheBox, I want to share my walkthrough of MonitorsFour. The machine turned out not to be the hardest, but it had a non-obvious catch: a Windows host with Docker Desktop, which added a headache at the privilege escalation stage. I admit that at first I was confused about why Nmap shows Windows while the shell you get is Linux, but more on that a bit later. The machine features IDOR, current CVEs and a Docker container escape, which in my opinion is an excellent set for practising skills. Let's dig in!
https://habr.com/ru/articles/978238/
#пентест #хакерство #hackthebox #ctf #pentesting #кибербезопасность #информационная_безопасность #idor #docker #cve
I just completed IDOR - Santa’s Little IDOR room on TryHackMe. Learn about #IDOR while helping pentest the TrypresentMe website. https://tryhackme.com/room/idor-aoc2025-zl6MywQid9?utm_campaign=social_share&utm_medium=social&utm_content=room&utm_source=twitter&sharerId=60cb2598c59a6e0042c78aed #tryhackme via @RealTryHackMe
Wielkopolskie Centrum Medycyny Pracy – by changing the ID number in the browser, you could view other patients' test results.
Marcin reported an easy-to-exploit flaw / vulnerability to us. He was undergoing tests at the Wielkopolskie Centrum Medycyny Pracy, and in one of the systems a number visible in the HTML source, related to the test being performed, caught his attention. He changed that number by one and… gained access to another patient's test results....
🚨 CVE-2025-13526 (HIGH): OneClick Chat to Order for WordPress (<=1.0.8) is vulnerable to IDOR. Attackers can fetch PII & payment info by changing order IDs in URLs. Disable plugin or enforce strict access controls now! https://radar.offseq.com/threat/cve-2025-13526-cwe-200-exposure-of-sensitive-infor-c69efaff #OffSeq #WordPress #IDOR #Infosec
🔴 CVE-2025-65021 (CRITICAL, CVSS 9.1) in lukevella Rallly <4.5.4: Auth’d users can finalize others' polls via IDOR, risking data integrity. Patch to v4.5.4 ASAP! Monitor & audit poll actions. https://radar.offseq.com/threat/cve-2025-65021-cwe-285-improper-authorization-in-l-d9b86aa6 #OffSeq #Rallly #Vuln #IDOR
IDOR: The Bug That Opens Doors Without Knocking
IDOR (Insecure Direct Object Reference) is an authorization vulnerability that occurs when applications expose direct object references (like user_id, order_id, document_id) in URLs or API requests without proper access control validation on the backend. The bug exploits the common developer assumption that authenticated users should only see their own data, but without server-side authorization checks, attackers can manipulate object references to access other users' data. Common exploitation involves changing sequential or predictable IDs in URLs (e.g., changing user_id=123 to user_id=124) to access other users' orders, profiles, or financial information. The vulnerability often has high impact due to potential data leakage of personal information, financial details, and privacy violations, making it highly valuable for bug bounty hunters and critical for organizations to fix. The author emphasizes this as a 'low effort, high impact' bug that requires minimal technical skill - just curiosity to test ID manipulation. Mitigation requires implementing proper server-side authorization validation, using indirect references like hashed or tokenized IDs, and enforcing strict access control checks for every request to ensure users can only access data they own. #infosec #BugBounty #Cybersecurity #IDOR
https://medium.com/@somnadh0000/idor-the-bug-that-opens-doors-without-knocking-6abbb9f9600f?source=rss------bug_bounty-5
What is IDOR?
IDOR (Insecure Direct Object Reference) is an authorization vulnerability occurring when applications directly access objects using user-controlled identifiers (IDs, filenames, tokens) without validating access permissions. The flaw stems from trusting client-supplied object references without server-side authorization checks. Exploitation involves manipulating resource identifiers like sequential numeric IDs (`/user/123` → `/user/124`), file parameters (`?file=user123.txt` → `?file=admin.txt`), or API endpoints (`/orders/456` → `/orders/789`). Advanced techniques include array-based batch access, HTTP method switching (GET blocked but POST allowed), UUID prediction, and parameter pollution. Attackers systematically enumerate and tamper with object references while authenticated as one user to access other users' resources. Impact ranges from unauthorized data access and PII exposure to privilege escalation and unauthorized content modification/deletion. This vulnerability class frequently yields high bounties due to its prevalence and severe business impact across industries. Mitigation requires implementing per-request authorization validation, using opaque indirect references that map to internal IDs, replacing predictable sequential IDs with cryptographically random UUIDs, and maintaining audit logging for anomalous access patterns. #infosec #BugBounty #Cybersecurity #IDOR #WebSecurity
https://medium.com/@cybersecplayground/what-is-idor-b8ec70302b87
🌘 UUIDs are not enough to protect your secrets: an analysis of the latent security risks
➤ Unmasking the false sense of security around UUIDs: their limitations and best practices
✤ https://alexsci.com/blog/uuids-and-idor/
This article takes a close look at the myth that UUIDs (universally unique identifiers) are a silver bullet for protecting confidential information. Using Insecure Direct Object Reference (IDOR) vulnerabilities as its example, the author explains that even with hard-to-guess UUIDs, if a URL leaks, an attacker may still reach unauthorized resources through browser history, logs or accidental sharing. The article stresses that the real solution is strict access control on every request for sensitive data, and recommends routing file access through the web application or using methods such as AWS S3 pre-signed URLs to keep data safe. It also uses YouTube's "unlisted" video feature to illustrate the inherent risk of URL-based permission management.
+ Thanks to the author for pointing out that UUIDs are not a foolproof security mechanism; it made me realise that URL leakage is the real threat.
+ The article offers very valuable advice on how to fix IDOR vulnerabilities at the root, especially the part on S3 pre-signed URLs.
#資訊安全 #漏洞 #UUID #IDOR
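The two explainer posts above ("IDOR: The Bug That Opens Doors Without Knocking" and "What is IDOR?") and the UUID post all arrive at the same mitigation: check ownership on every request, and hand clients opaque references instead of raw internal ids. The following is an added example written for this page, not code from any of the linked articles; the in-memory ORDERS table, the user names and the order records are constructed sample data. It shows the vulnerable lookup (authenticated means authorized), the hardened lookup with a per-request ownership check and an audit trail for denied lookups, and per-user opaque references that stay useless when leaked to another session, which is the point the UUID post makes.

```python
"""Added example: server-side ownership checks and opaque indirect references
as IDOR mitigations. All data below is constructed for illustration."""
import secrets
from collections import defaultdict

# Constructed sample data: order_id -> record. Sequential ids on purpose,
# because that is the pattern the posts describe (user_id=123 -> 124).
ORDERS = {
    1001: {"owner": "alice", "total": 42.00, "card_last4": "1111"},
    1002: {"owner": "bob",   "total": 17.50, "card_last4": "2222"},
    1003: {"owner": "alice", "total":  8.99, "card_last4": "1111"},
}


class Forbidden(Exception):
    """Raised when an authenticated user references an object they do not own."""


def get_order_vulnerable(session_user: str, order_id: int) -> dict:
    """Typical IDOR: the only check is that a session exists. The object
    reference comes straight from the client and is never tied to the caller."""
    if not session_user:
        raise PermissionError("login required")
    return ORDERS[order_id]          # any valid id is returned to any user


AUDIT_LOG: list[dict] = []           # in a real service: structured log / SIEM


def get_order_hardened(session_user: str, order_id: int) -> dict:
    """Per-request authorization: the record must belong to the caller.
    A denied lookup is logged so id enumeration becomes visible to defenders."""
    if not session_user:
        raise PermissionError("login required")
    record = ORDERS.get(order_id)
    # Same error whether the id is missing or owned by someone else, so the
    # response does not reveal which ids exist.
    if record is None or record["owner"] != session_user:
        AUDIT_LOG.append({"user": session_user, "order_id": order_id, "result": "denied"})
        raise Forbidden("not your order")
    return record


# --- Indirect references: clients never see the internal id at all ---------
# Per-user map of opaque token -> internal id. Tokens are unguessable, but
# ownership is still enforced: a token leaked from another user's session is
# not in this user's map, so it resolves to nothing.
_REFERENCE_MAPS: dict[str, dict[str, int]] = defaultdict(dict)


def issue_reference(session_user: str, order_id: int) -> str:
    """Hand out an opaque handle for an object the user is allowed to see."""
    get_order_hardened(session_user, order_id)    # authorization first
    token = secrets.token_urlsafe(16)
    _REFERENCE_MAPS[session_user][token] = order_id
    return token


def get_order_by_reference(session_user: str, token: str) -> dict:
    """Resolve an opaque handle scoped to the caller's own map."""
    order_id = _REFERENCE_MAPS[session_user].get(token)
    if order_id is None:
        AUDIT_LOG.append({"user": session_user, "token": token, "result": "denied"})
        raise Forbidden("unknown reference")
    return get_order_hardened(session_user, order_id)   # defence in depth


def denied_count_for(user: str) -> int:
    """Number of denied lookups a user has generated (an enumeration signal)."""
    return sum(1 for e in AUDIT_LOG if e["user"] == user and e["result"] == "denied")


if __name__ == "__main__":
    # bob tampers with the id: the vulnerable path leaks alice's order,
    # the hardened path refuses and records the attempt.
    print(get_order_vulnerable("bob", 1001)["card_last4"])   # 1111 (leaks alice's data)
    try:
        get_order_hardened("bob", 1001)
    except Forbidden as exc:
        print("denied:", exc, "| denied lookups by bob:", denied_count_for("bob"))
    ref = issue_reference("alice", 1003)
    print("alice via opaque reference:", get_order_by_reference("alice", ref)["total"])
```

The audit entries are what a detection rule would key on: a single session producing many denied lookups across adjacent ids is the signature of the enumeration the posts describe, and it is only visible if the denied path logs. The opaque-reference map is deliberately scoped per user rather than global, so randomness is an extra layer, not the authorization itself.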
📢 The Neon iOS app pulled after a flaw exposed phone numbers, call recordings and transcripts
📝 TechCrunch reports that a *...
📖 cyberveille: https://cyberveille.ch/posts/2025-09-26-lapp-ios-neon-retiree-apres-une-faille-exposant-numeros-enregistrements-et-transcriptions-dappels/
🌐 source: https://techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/
#IDOR #application_iOS #Cyberveille