Tag feed

#idor

28 posts3 followers

Explore Hashnode

Alternatives

Trending tags this week

JJebitoksharonjebitok.comJun 3 · 25 min read

API Pentesting (TryHackMe)

Link to the Walkthrough & Challenge on TryHackMe: API Pentesting Introduction An API (Application Programming Interface) is a structured interface that enables software components to communicate with

0

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.devMar 21 · 29 min read

1 Introduction In this post, the API Security vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks across all security levels is to exploit weaknesses in

0

JJebitoksharonjebitok.comMar 5 · 6 min read

Love Letter Locker (TryHackMe) - IDOR

Lover Letter Locker is a Valentine's-themed web application that allows users to create and store love letters. The challenge description hints at privacy concerns with "For your eyes only?" - suggest

0

CCyberFreak999cyberfreak.hashnode.devFeb 22 · 4 min read

How to Test for IDOR Vulnerabilities

You log into a web app to download your invoice. The URL looks harmless: https://example.com/invoice?id=4521 Out of curiosity, you change the number to 4520. You suddenly see someone else’s invoice.

0

JJebitoksharonjebitok.comJan 10 · 20 min read

OWASP Top 10 2025: Application Design Flaws (TryHackMe)

After exploring IAAA (Identity, Authentication, Authorization, and Accountability) failures in the previous room, I moved on to what many consider the most challenging category of vulnerabilities to fix: Application Design Flaws. Unlike authenticatio...

0

NSNull Sirynctfs.hashnode.devJan 1 · 4 min read

Multifactorial CTF Writeup: Bypassing MFA via WebAuthn Exploit

Challenge Description Category: Web exploitationAuthor: thee2d Modern authentication relies on more than just a password. Something you know, something you have, and something you are. Together, they're meant to provide layered security that can with...

0

NSNull Sirynctfs.hashnode.devJan 1 · 5 min read

Kramazon CTF Writeup: Cookie Forgery & IDOR Exploit

Challenge Description Category: Web exploitationAuthor: thee2d Intelligence analysts from the North Pole Logistics Directorate (NPLD) have uncovered a covert online storefront operated by the KRAMPUS Syndicate. Its name? Kramazon. Looks familiar. Wor...

0

ZOZeroTrust Opsnavyacyber.hashnode.devDec 27, 2025 · 3 min read

Day 5 – Bypassing Security with Santa’s Little IDOR

The Mission: Trouble at TryPresentMe The 24-hour marathon continues in Wareville, where the town is on high alert due to the disappearance of McSkidy. The support team for the TryPresentMe website has been inundated with calls from parents unable to ...

0

JJebitoksharonjebitok.comDec 6, 2025 · 12 min read

IDOR - Santa’s Little IDOR (TryHackMe) 🧑‍🎄🎉

In this write-up, we’ll walk through the “IDOR on the Shelf” challenge and break down the key concepts behind Insecure Direct Object References. Rather than just following the steps mechanically, we’ll explore why IDOR happens, how to identify it in ...

0

VRVivek Redhustarting-out-in-cybersec.hashnode.devDec 6, 2025 · 3 min read

IDOR - Santa’s Little IDOR | Advent of Cyber | TryHackMe

Learning Objectives Understand the concept of authentication and authorization Learn how to spot potential opportunities for Insecure Direct Object References (IDORs) Exploit IDOR to perform horizontal privilege escalation Learn how to turn IDOR ...

0

#idor

Search Hashnode

#idor

Explore Hashnode

Trending tags this week

API Pentesting (TryHackMe)

API Security in DVWA

Love Letter Locker (TryHackMe) - IDOR

How to Test for IDOR Vulnerabilities

OWASP Top 10 2025: Application Design Flaws (TryHackMe)

Multifactorial CTF Writeup: Bypassing MFA via WebAuthn Exploit

Kramazon CTF Writeup: Cookie Forgery & IDOR Exploit

Day 5 – Bypassing Security with Santa’s Little IDOR

IDOR - Santa’s Little IDOR (TryHackMe) 🧑‍🎄🎉

IDOR - Santa’s Little IDOR | Advent of Cyber | TryHackMe