{"id":908,"date":"2018-10-19T00:36:19","date_gmt":"2018-10-19T00:36:19","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/?p=908"},"modified":"2018-10-22T22:52:03","modified_gmt":"2018-10-22T22:52:03","slug":"owasp-security-shepherd-insecure-direct-object-reference-solution-lsb-ls-blog","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/19\/owasp-security-shepherd-insecure-direct-object-reference-solution-lsb-ls-blog\/","title":{"rendered":"OWASP Security Shepherd \u2013 Insecure Direct Object Reference Solution \u2013 LSB \u2013 ls \/blog"},"content":{"rendered":"<p><a href=\"https:\/\/linuxsecurityblog.com\/2018\/09\/10\/owasp-security-shepherd-insecure-direct-object-reference-solution-lsb\/\"><br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/idor11.jpg\" alt=\"\" width=\"512\" height=\"512\" \/><\/a><\/p>\n<p>Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key.<\/p>\n<p><b>I<\/b>nsecure <b>D<\/b>irect <b>O<\/b>bject <b>R<\/b>eference (called <b>IDOR<\/b> from here) occurs when an application exposes a reference to an internal implementation object. In doing so, it reveals the real identifier and the format\/pattern used for the element on the storage backend side. The most common example (although it is not limited to this one) is a record identifier in a storage system (database, filesystem and so on).<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/idor1.png?w=900\" alt=\"idor1\" \/><\/p>\n<p>This is the screen we are presented with. When we choose a name in the list and click on Show This Profile, we see a little sentence about that person.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/idor2.png?w=900\" alt=\"idor2\" \/><\/p>\n<p>As the page says, the key for the challenge is someone not in the list. We will need Burp to intercept traffic for this one (Burp comes as a default tool on Kali Linux). So, with intercept on in Burp, we hit the Show This Profile button.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/idor3.png?w=900\" alt=\"idor3\" \/><\/p>\n<p>This is our packet intercepted with Burp. If we look closely at the bottom of the page we can see a user ID as the number 7. We changed that number to 8, 9, -1 and 10 with no success. But 11 worked.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/idor4.png?w=900\" alt=\"idor4\" \/><\/p>\n<p>That concludes this lesson. Thank you for reading; comment below, share, and don\u2019t forget to follow to get more lessons in the near future.<\/p>\n<p><a href=\"https:\/\/linuxsecurityblog.com\/2018\/09\/10\/owasp-security-shepherd-insecure-direct-object-reference-solution-lsb\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome back to the Security Shepherd solutions from LSB. 
This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when an application exposes a reference to an internal implementation object. In doing so, it reveals the real identifier and format\/pattern &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/19\/owasp-security-shepherd-insecure-direct-object-reference-solution-lsb-ls-blog\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;OWASP Security Shepherd \u2013 Insecure Direct Object Reference Solution \u2013 LSB \u2013 ls \/blog&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-908","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=908"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/908\/revisions"}],"predecessor-version":[{"id":1194,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/908\/revisions\/1194"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}