Beginner’s Guide to Finding Your First IDOR Vulnerability in Bug Bounty (Easy & Actionable Tips)
Tips for Finding Your First IDOR Vulnerability in Bug Bounty
I decided to learn about vulnerabilities for bug bounty hunting and chose IDOR as my first focus. I didn’t choose to start with XSS or SQL injection because they are harder to find nowadays. That’s why I decided to learn IDOR and access control-related vulnerabilities first.
IDOR (Insecure Direct Object Reference) occurs when a web application exposes object references (such as user IDs, filenames, or database entries) without proper authorization. An attacker can manipulate these references to gain unauthorized access to sensitive data or functionality.
IDOR vulnerabilities can be easy to find and can lead to severe impact.
IDOR
|---Horizontal IDOR (Accessing Other Users' Data)
|---Vertical IDOR (Privilege Escalation, e.g. to a higher privilege such as admin)
|---Object-Level IDOR (Direct Access to Sensitive Objects)
|---Function-Level IDOR (Unauthorized Action Execution)
Horizontal IDOR (Accessing Other Users’ Data)
An attacker accesses data belonging to other users at the same privilege level. For example, a user changes the profile ID in a request to view another user's profile.
Original request:
GET /profile?user_id=101
Altered request:
GET /profile?user_id=102
If you can see user 102's profile, that is an IDOR vulnerability.
Vertical IDOR (Privilege Escalation)
A low-privilege user performs high-privilege actions, such as those reserved for an admin or other higher role.
For example, a regular user tries to access an admin function:
GET /admin/delete_user?user_id=1002
If this request succeeds without an authorization check, the application has an IDOR issue.
Object-Level IDOR (Direct Access to Sensitive Objects)
Attackers access or modify sensitive objects like files, invoices, or API resources.
GET /download/ducky_birth_123.pdf
Change it to:
GET /download/ducky_sensitive.pdf
If ducky_sensitive.pdf downloads, the application has an IDOR issue.
Function-Level IDOR (Unauthorized Action Execution)
Attackers perform restricted actions by modifying API requests.
A normal user tries to change another user’s email:
POST /update_email
Data: {"user_id": "1002", "email": "hacker@mail.com"}
If the server updates that user's email, it is a serious IDOR vulnerability.
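The server-side checks that close the horizontal, vertical and function-level cases above, as an added example that is not part of the original post: the handlers are modelled as plain Python functions over a constructed user table, and the session_user parameter stands in for the identity the server takes from the authenticated session (an assumption, not anything from the post).

```python
from typing import Callable

# Constructed sample data standing in for a user table (not real accounts).
USERS = {
    1:    {"email": "admin@example.com", "role": "admin"},
    101:  {"email": "alice@example.com", "role": "user"},
    102:  {"email": "bob@example.com",   "role": "user"},
    1002: {"email": "carol@example.com", "role": "user"},
}

class Forbidden(Exception):
    """Raised when the authenticated caller may not act on the requested object."""

def get_profile_vulnerable(session_user: int, user_id: int) -> dict:
    # Horizontal IDOR: user_id comes straight from the query string and is
    # never compared with the identity of the caller (session_user is unused).
    return USERS[user_id]

def get_profile_fixed(session_user: int, user_id: int) -> dict:
    # Object-level check: only the owner or an admin may read a profile.
    if user_id != session_user and USERS[session_user]["role"] != "admin":
        raise Forbidden(f"user {session_user} may not read profile {user_id}")
    return USERS[user_id]

def delete_user_fixed(session_user: int, user_id: int) -> int:
    # Vertical IDOR defence: the action is gated on the caller's role,
    # not merely on the caller being logged in.
    if USERS[session_user]["role"] != "admin":
        raise Forbidden("admin role required")
    del USERS[user_id]
    return user_id

def update_email_vulnerable(session_user: int, body: dict) -> int:
    # Function-level IDOR: the client-chosen user_id decides which record changes.
    target = int(body["user_id"])
    USERS[target]["email"] = body["email"]
    return target

def update_email_fixed(session_user: int, body: dict) -> int:
    # The record to modify is derived from the session; any user_id in the
    # body is ignored, so it cannot be pointed at someone else's account.
    USERS[session_user]["email"] = body["email"]
    return session_user

def is_forbidden(fn: Callable, *args) -> bool:
    # Helper: True when the call is refused by an authorization check.
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```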
I learned IDOR from InsiderPhD and PwnFunction YouTube videos and PortSwigger Academy.