Most of the time when I want to find vulnerabilities in web applications I always like to poke around the authentication parts of the web application (as they are very interesting attack vectors). So, I always capture the POST requests with Burp Suite’s proxy and begin fuzzing the form parameters.
It wasn’t until I forwarded the request did I realize some interesting parameters within the POST body;
Exploitation - POST Parameters:¶
Looking closely at the mentioned parameters, I discovered an interesting parameter,
Signup[role_id]. So, I thought if
Signup[role_id] parameter takes the actual ‘role id’ then I could leverage my privileges into Super Admin’s privileges.
From the request above,
Signup[role_id] takes an ID - a value that depicts the category/user-level of a web application user.
So, I decided to edit the
Signup[role_id] value (replacing the existed value with 1) and repeated the POST request.
In a matter of seconds I was presented with a Super Administrator’s dashboard. Whew! ;P
These flaw was properly reported and immediately fixed.
What’s the lesson behind these article?¶
Going straight to the point.
What I was exploiting throughout the article is a vulnerability known as Insecure Direct Object Reference A.K.A IDOR. Most developers overlook this vulnerability especially because they trust the user side. But with the epic growth of the Cybersecurity realm and emergence of sophisticated cybersecurity attacks, developers aren’t advised to trust the user side anyway.
IDOR could cause loss of confidential data, modification of data and sometimes leads to privilege escalation attacks. For example, a malicious hacker could insert arbitrary prices on products to be bought on an e-commerce site and eventually purchase the products at very lower prices.
It is recommended to use less obvious values that won’t be easy to enumerate as a reference. For example a random string value instead of incrementing values (be integers/strings).
- “Testing for Insecure Direct Object References”
- “Insecure Direct Object Reference Vulnerability”
- “IDOR PDF”
Thanks, made by ❤️