Hey there, my name is Karan Sharma, and I’m back with a story about IDOR and why I think you should know about it.
Insecure Direct Object Reference (called IDOR from here on) occurs when an application exposes a reference to an internal implementation object. In doing so, it reveals the real identifier, and the format or pattern of that identifier, for the element in the backend storage.
So basically, if you can CRUD (or perform any other operation on) objects that don’t belong to you, or that you otherwise lack permission to touch, then it’s an IDOR!
So now you can find IDORs, right?! Yeah…
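The definition above, shown as a small added example (not code from the original post): a lookup that trusts a client-supplied object ID, next to the same lookup with a server-side ownership check. The `Invoice` type, the user names and the IDs are constructed for illustration.

```python
# Added example: all names and data below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Invoice:
    id: int
    owner: str
    total: float


# Constructed in-memory "storage backend" keyed by sequential integer ids,
# the kind of predictable internal identifier the definition refers to.
INVOICES = {
    101: Invoice(101, "alice", 40.0),
    102: Invoice(102, "bob", 99.5),
}


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Invoice:
    # IDOR: the caller is authenticated, but the client-supplied id is
    # trusted as-is. Nothing ties the object to current_user.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_checked(current_user: str, invoice_id: int) -> Invoice:
    # Fix: authorize on every object access, server-side. Missing and
    # foreign objects get the same answer so ids cannot be enumerated.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner != current_user:
        raise Forbidden(invoice_id)
    return invoice
```

The same ownership check belongs on every create, update and delete path that takes an object ID, not only on reads.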
Hi, I’m Karan Sharma. My first bounty was based on stored XSS; let’s talk about it.
So I’m very new to bug bounty, and I actually started hunting on paid targets a month ago via HackerOne.
I picked a private target based on the actual application’s functionality, as I suck at reconnaissance.
I was testing as usual, getting familiar with the different features of the application.
But there was this feature where a user can create hierarchical steps and link those steps with other functions, like displaying the date and other stuff…
There was one more interesting feature where a user can import & export the…
a compSci student