تقييمات الطلاب
( 5 من 5 )
١ تقييمات
فيديو شرح Insecure Direct Object Reference Vulnerability Explained (IDOR) TryHackMe IDOR ضمن كورس اختبار اختراق المواقع شرح قناة Motasem Hamdan، الفديو رقم 12 مجانى معتمد اونلاين
Cyber Security Certification Notes & Cheat Sheets
https://buymeacoffee.com/notescatalog/extras
(2nd link) Cyber Security Certification Notes & Cheat Sheets
https://shop.motasem-notes.net/collections/cyber-security-study-notes
Cyber Security Notes Membership Access
https://buymeacoffee.com/notescatalog/membership
Cybersecurity Direct Coaching & Mentoring
https://shop.motasem-notes.net/collections/coaching-and-mentoring-programs
Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog/e/290985
Get Strategic cyber security and tech insights weekly to your email by joining my newsletter below
https://buymeacoffee.com/notescatalog/membership
Blog Writeups
https://www.motasem-notes.net
In this video walk-through, we covered Insecure Direct Object Reference Vulnerability and how to exploit it. You're going to learn what an IDOR vulnerability is, what they look like, how to find them and a practical task exploiting a real case scenario.
Writeup
https://motasem-notes.net/insecure-direct-object-reference-vulnerability-explained-idor-tryhackme-idor/
TryHackMe IDOR
https://tryhackme.com/r/room/idor
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
Instagram
https://www.instagram.com/motasem.hamdan.tech
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
0:00 Introduction to IDOR (Insecure Direct Object Reference)
0:15 Setting Up the TryHackMe IDOR Lab
1:02 What Does IDOR Stand For?
1:14 Demonstrating an Example of IDOR
2:20 Testing URLs for IDOR Vulnerabilities
3:40 Changing Parameter Values to Exploit IDOR
4:01 Introduction to URL Encoding and Hashing
4:16 Common Encoding (Base64) and Hashing Algorithms (MD5)
4:41 Detecting IDOR with Multiple Accounts
5:16 Practical Example: Inspecting Requests
6:01 Identifying Vulnerable API Requests
7:11 Testing API for IDOR Exploits
8:20 Accessing Other Accounts via IDOR
8:52 Exposing Usernames and Emails
9:02 Questions and Answers for the Lab
10:02 Exploring Additional User Accounts
10:17 Conclusion and Key Takeaways