PortSwigger Labs

Insecure direct object references (IDOR)

1: Register your account on PortSwigger.

Website: https://portswigger.net/users/register

2: Open the Lab: Insecure direct object references.

Website: https://portswigger.net/web-security/access-control/lab-insecure-direct-object-references

3: Access the LAB.

Lab Insecure direct object references IDOR 1

4: Select the Live chat tab.

Lab Insecure direct object references IDOR 2

5: Open the Burp Suite.

6: Turn Intercept on.

7: Send a message, and then select View transcript.

Lab Insecure direct object references IDOR 3

8: Refresh the Live Chat page.

Shortcut key: F5

9: View the transcript.

10: Send to the Repeater.

Shortcut key: Ctrl + R

Lab Insecure direct object references IDOR 4

11: Send the data.

Lab Insecure direct object references IDOR 5

12: Follow the redirection.

Lab Insecure direct object references IDOR 6

13: Change the Parameter and find the password.

Note: Replace 3.txt with 1.txt.

Lab Insecure direct object references IDOR 7

14: The password is?

Password: hl86m5x4uyvuai88ox6p

15: Turn Intercept off.

16: Log in to the account.

17: The Username and Password?

Lab Insecure direct object references IDOR 8

Username: carlos

Password: hl86m5x4uyvuai88ox6p

18: The LAB has been completed.

Lab Insecure direct object references IDOR 9
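
The flaw this lab demonstrates, seen from the server side, as an added example that is not part of the original walkthrough or of PortSwigger's lab code: a transcript handler that trusts the requested file name, next to one that checks ownership, plus a small audit that lists every cross-user read. The handler names, the owner table and the user "visitor" are assumptions made for illustration.

```python
import re

# Constructed sample data: transcript file name -> (owning user, contents).
# The owner assignments are assumptions, not taken from the lab.
TRANSCRIPTS = {
    "1.txt": ("carlos", "constructed transcript belonging to carlos"),
    "3.txt": ("visitor", "constructed transcript belonging to visitor"),
}
NAME_RE = re.compile(r"[0-9]+\.txt")


def download_vulnerable(session_user, filename):
    """Mirrors the lab's flaw: whoever names a file receives it."""
    entry = TRANSCRIPTS.get(filename)
    if entry is None:
        return 404, ""
    return 200, entry[1]


def download_hardened(session_user, filename):
    """Serve a transcript only to the user recorded as its owner."""
    if session_user is None:
        return 401, ""
    # Accept only a plain "<number>.txt" name, nothing path-like.
    if not NAME_RE.fullmatch(filename or ""):
        return 400, ""
    entry = TRANSCRIPTS.get(filename)
    # Same 404 for "missing" and "not yours", so names cannot be enumerated.
    if entry is None or entry[0] != session_user:
        return 404, ""
    return 200, entry[1]


def audit(handler, users=("carlos", "visitor")):
    """List (user, filename) pairs where a user reads a file they do not own."""
    leaks = []
    for user in users:
        for name, (owner, _text) in TRANSCRIPTS.items():
            status, _body = handler(user, name)
            if status == 200 and owner != user:
                leaks.append((user, name))
    return sorted(leaks)


if __name__ == "__main__":
    print("vulnerable:", audit(download_vulnerable))
    print("hardened:  ", audit(download_hardened))
```

The same audit matrix (every user against every object) works as a regression test for any endpoint that takes an object identifier from the request.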
