v09025g40000cf39fmjc77u5guvou4gg

Apr 23, 2026 19:45 · 1:54 · English · Whisper Turbo · 2 speakers
Бу транскриптның вакыты бетә 9 Бер көн. Кайвакытлы саклау өчен яңарту →
Lecture Index
Тик күрсәтү
0:00
S… Speaker 1 (v09025g40000cf39fmjc77u5guvou4gg)
This is Eidor in 100 seconds. An Eidor or an insecure direct object reference is an access control vulnerability caused by a user-controlled identifier pointing to an object.
0:14
S… Speaker 1 (v09025g40000cf39fmjc77u5guvou4gg)
Consider the example where a bank allows users to check their payments. Every payment has an incremental ID and can be viewed at slash payment slash ID. Let's say that I have a payment with ID 5697. Then I might wonder, well, what is the payment with ID 5698? If there's no proper access controls in place and I can access someone else's payment, then I found an IDOR.
0:40
S… Speaker 1 (v09025g40000cf39fmjc77u5guvou4gg)
The impact of an IDOR can range from being able to leak sensitive data to being able to perform actions as another user. It's a vulnerability that's hard to detect by defenders and easy to exploit by hackers.
0:54
S… Speaker 1 (v09025g40000cf39fmjc77u5guvou4gg)
Oftentimes people think that just using UUIDs is a fix for an IDOR. However, UUIDs do not provide any security mechanisms and should always be accompanied by the right access controls. When testing for IDOR vulnerabilities, try to find calls that require your ID and replace that ID with another one. If the call still works then you may have found an IDOR.
1:20
S… Speaker 1 (v09025g40000cf39fmjc77u5guvou4gg)
IDORs can get more complex however. See if globbing works, if there is another version of the API, see if you can replace the request's content type, see if you can change the ID to an array, try to change the extension. All of these tricks may allow you to find IDORs that others may have missed. This has been IDOR in 100 seconds. For more information, check the resources in the description. Which vulnerability would you like to see us cover next?
1:48
S… Speaker 2 (v09025g40000cf39fmjc77u5guvou4gg)
Let us know down in the comments.

This transcript was generated by AI (automatic speech recognition). May contain errors — verify against the original audio for critical use. AI policy

❤️ STT.aiне яратасызмы?
Тиздән
Бу терминның берничә мәгънәсе бар: Транссибирь тимер юлының Транссибирь бүлекчәсе
Тиздән...
Бу транскрипция турында АА-дан сорагыз
Бу ысулның төп өстенлеге — ул җөмләнең эчтәлеген һәм аның эчтәлеген аңлатучы җөмләләрне аерып күрсәтә.
Башкасын күчерү