Task 1 What is an IDOR
What does IDOR stand for?
"Insecure Direct Object Reference"
Task 2 An IDOR Example
As stated in the task description, we change the value 1234 assigned to us in the URL to 1000.
What is the Flag from the IDOR example website?
"THM{IDOR-VULN-FOUND}"
Task 3 Finding IDORs in Encoded IDs
What is a common type of encoding used by websites?
"base64"
Task 4 Finding IDORs in Hashed IDs
What is a common algorithm used for hashing IDs?
"md5"
Task 5 Finding IDORs in Unpredictable IDs
What is the minimum number of accounts you need to create to check for IDORs between accounts?
"2"
Task 6 Where are IDORs located
Read the above.
No answer needed
Task 7 A Practical IDOR Example
What is the username for user id 1?
"adam84"
What is the email address for user id 3?
"j@fakemail.thm"