Detecting Insecure Direct Object References

An Insecure Direct Object Reference (IDOR) vulnerability appears when a request parameter directly references a resource (a user, a file, a record) and the application does not check that the current user is authorized to access it. By modifying that parameter, it is possible to access other resources that this user is not authorized for. Usually the affected parameters control the application's flow, for example those named id, uid, r, url, ur, and so on.

These kinds of vulnerabilities can be detected using the Target tool in Burp Suite. As with CSRF detection, the more URLs you collect, the more candidate points there are to test:

  1. To add a target to the scope, right-click the host in Burp Suite and select the Add to scope option.
  2. Then go to the Target tool and click on the Scope tab. Here you will see listed all the URLs, domains, and sections added to the scope. If you want, you can limit Burp Suite's history to log only in-scope requests, but I do not recommend that, because it is sometimes useful to detect calls to external sites. The current scope of our Burp Suite instance is shown in the following screenshot:

Now, using the filter in the Target tool's site map, search for the following strings:

    • id
    • uid
    • url
    • p
    • r
    • u
    • =
    • =http
    • =/

Using them you can find references to resources that may be vulnerable points. A match is only a candidate: the reference is confirmed as an IDOR when the same request, sent with a different user's session and another user's identifier, returns that other user's resource. After a possible injection point is found, try to modify the referenced resource, as will be shown in the next chapter.
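The site map filtering described above can also be done offline over a list of URLs, which is useful when the site map has thousands of entries. The following script is an added example and is not code from the book or from Burp Suite; it applies the same searches (the listed parameter names, values starting with `=http` or `=/`, plus numeric values, which this example adds as a generalisation of `id`-style references) to a constructed list of URLs that stands in for an exported Burp site map. The URLs, the `SUSPECT_NAMES` set, the `scope_hosts` parameter and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names the text lists as typical IDOR control parameters
# (an assumption of this example; extend it for the target application).
SUSPECT_NAMES = {"id", "uid", "url", "ur", "p", "r", "u"}

# Constructed sample URLs standing in for an exported Burp site map.
SAMPLE_URLS = [
    "https://app.example.com/account/profile?uid=1042",
    "https://app.example.com/invoice/download?id=7781&format=pdf",
    "https://app.example.com/redirect?url=https://partner.example.net/landing",
    "https://app.example.com/view?p=/reports/2023/q1.pdf",
    "https://app.example.com/search?q=burp+suite",
    "https://cdn.example.org/static/app.js?v=3",
    "https://app.example.com/login?r=/admin/dashboard",
]


def classify_param(name, value):
    """Return the reasons a query parameter is worth a closer look, or []."""
    reasons = []
    lname = name.lower()
    # Names from the search list, plus anything ending in "id" (user_id,
    # fileid, ...). This also catches words like "valid", so review hits.
    if lname in SUSPECT_NAMES or lname.endswith("id"):
        reasons.append("name:" + name)
    # The "=http" and "=/" searches: values that are themselves references.
    if value.startswith(("http://", "https://")):
        reasons.append("value=http")
    elif value.startswith("/"):
        reasons.append("value=/")
    # Purely numeric values are the classic enumerable object reference.
    if value.isdigit():
        reasons.append("numeric-value")
    return reasons


def find_candidates(urls, scope_hosts=None):
    """Walk a list of URLs and return (url, param, value, reasons) tuples
    for every query parameter that matches one of the filters.
    If scope_hosts is given, hosts outside it are skipped, mirroring the
    Burp scope; by default out-of-scope hosts are kept, as the text advises."""
    hits = []
    for url in urls:
        parts = urlsplit(url)
        if scope_hosts and parts.hostname not in scope_hosts:
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            reasons = classify_param(name, value)
            if reasons:
                hits.append((url, name, value, tuple(reasons)))
    return hits


if __name__ == "__main__":
    for url, name, value, reasons in find_candidates(SAMPLE_URLS):
        print(f"{name}={value}  [{', '.join(reasons)}]  {url}")
```

Each hit is only a candidate to test manually; the script does not send any requests. In practice you would feed it the URLs copied from Burp's site map and then repeat the request for each hit with a second user's session to check whether the referenced resource is actually protected.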
