
Zap for IDOR

Recap of IDOR:

An IDOR (Insecure Direct Object Reference) occurs when an application exposes internal object identifiers (such as user IDs or filenames) and then acts on the identifier supplied by the client without checking that the caller is authorized for that object, allowing attackers to read or modify other users' data.

I discovered this tool through this level: IDOR - Santa's Little IDOR

Image of an IDOR bug

Open the browser's storage section and you can see that the application tracks your access through a simple numeric id:

Image of the storage

Now change that id by hand and refresh the page: you are shown another user's panel, with no authorization check on the server side.

Now let's capture it with ZAP:

Image of the IDOR

As you can see, we found the request that carries the id. Let's automate it with the fuzzer, replacing the id with a numeric payload range:

fuzz image

We got some pretty results; let's find out what they are.

Image of the result

For now, just take a look at them: sort by status code and response size, and any id other than your own that still comes back 200 with a different body is a hit.
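The following is an added example, not code from the original page or from the level itself: a small stand-in for what the ZAP fuzzer does here, written in Python so the method can be run offline. The in-memory "server", the user ids and the panel contents are constructed for illustration; the real level's request shape is not reproduced. It shows the fuzz loop (replay the request for every id in a range and compare each response with the baseline of your own panel) against a vulnerable handler and against a hardened one that checks object ownership, which is the fix the level is pointing at.

```python
"""Added example (not from the original page): a minimal simulation of the
IDOR fuzz step described above, plus the server-side fix.

Everything here is constructed for illustration: the in-memory "server",
the user ids and the panel contents. The method is the point:
  1. take the request ZAP found (the one carrying the id),
  2. substitute the id with a numeric payload range,
  3. compare each response to the baseline (our own panel) and flag any
     other id that returns 200 with a different body.
"""
from typing import Callable, Dict, List, Tuple

# Constructed sample data: id -> (username, panel contents)
USERS: Dict[int, Tuple[str, str]] = {
    1001: ("alice", "alice's gift list"),
    1002: ("bob", "bob's gift list"),
    1003: ("santa", "naughty/nice master list"),
}

Response = Tuple[int, str]                 # (HTTP-like status, body)
Handler = Callable[[int, int], Response]   # (session user id, requested id) -> Response


def vulnerable_panel(session_user: int, requested_id: int) -> Response:
    """IDOR: trusts the id supplied by the client and never checks who asked."""
    if requested_id not in USERS:
        return 404, "not found"
    return 200, USERS[requested_id][1]


def fixed_panel(session_user: int, requested_id: int) -> Response:
    """Hardened: the requested object must belong to the authenticated session."""
    if requested_id not in USERS:
        return 404, "not found"
    if requested_id != session_user:
        return 403, "forbidden"
    return 200, USERS[requested_id][1]


def fuzz_ids(handler: Handler, session_user: int, lo: int, hi: int) -> List[int]:
    """Replay the request with every id in [lo, hi], like ZAP's numeric payload.

    Returns the ids (other than our own) that came back 200 with a body that
    differs from our own panel: those are the IDOR hits worth looking at.
    """
    baseline_status, baseline_body = handler(session_user, session_user)
    if baseline_status != 200:
        raise RuntimeError("baseline request failed; fix the session before fuzzing")
    hits: List[int] = []
    for candidate in range(lo, hi + 1):
        if candidate == session_user:
            continue
        status, body = handler(session_user, candidate)
        if status == 200 and body != baseline_body:
            hits.append(candidate)
    return hits


if __name__ == "__main__":
    # We are logged in as alice (id 1001) and fuzz a small range around our id.
    print("vulnerable:", fuzz_ids(vulnerable_panel, 1001, 1000, 1010))  # -> [1002, 1003]
    print("fixed:     ", fuzz_ids(fixed_panel, 1001, 1000, 1010))       # -> []
```

In ZAP the same triage is done by sorting the fuzz results by status code and response size: 404s are ids that do not exist, a 200 whose size differs from your own panel is another user's data. Note that the hardened handler returns 403 rather than silently substituting the caller's own id, so the fuzz loop sees no false hit and an attacker learns nothing about which ids exist beyond what 404 already tells them.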