I found an IDOR vulnerability in my college website!

Vishnu Thulasidoss
Jul 4, 2022

[Header image; image source: Google]

Hey guys!

Vishnu here. I am back with another article that might excite you if you’re fond of ethical hacking or bug bounty. Ever watched the movie The Social Network? I am sure you’ll get a glimpse of it at the end of this article.

Back in my freshman year, I was just beginning to explore things. One day, I was simply viewing my college website, technically a student portal, for some reason. I was just tinkering around with it, and casually opened my profile picture in a new tab, which is actually my photo taken during college admission.

I couldn’t see my picture there. It was just like the binary file you’ll encounter if you open an image in Notepad. What surprised me is that I saw my roll number in the URL. I attempted to change the parameter to a different value, and noticed that the binary file also changed.

I felt that was amazing! I tried saving the file as a JPEG and previewed the image on my computer, and you know what? It rendered the picture!

So, for those who don’t know, this is known as an Insecure Direct Object Reference (IDOR): the application takes a user-supplied identifier (here, a roll number) and uses it to look up an object without checking that the requester is actually authorized to access it. (Don’t worry, I wasn’t even aware of these terms back then ;p)

Following that, my evil mind came up with an idea. What if I could change the parameter repeatedly with different roll numbers and see if I could download all the images? Similar to the hacking scene in The Social Network ;)

So, I wrote a Python script to brute force and download the images of all students just by changing the roll number (which follows a certain pattern). It wasn’t a big deal, but I was on cloud nine, as I was just getting to know how stuff works. Later that day, I reported the bug to the faculty concerned.
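To make the bug concrete from the other side of the fence, here is an added example (not code from the article or from the college portal) that models the photo endpoint: the lookup that trusts the roll number in the URL, the same lookup with an object-level authorization check, and a small access-log heuristic that flags a session requesting many roll numbers other than its own, which is what an enumeration like the one described above looks like in server logs. The roll-number format, the `is_staff` role, the photo store and the log lines are all constructed for illustration.

```python
# Added example, not from the original post: a toy model of a student-portal
# photo endpoint. Shows the IDOR lookup, its hardened counterpart, and a log
# heuristic for spotting roll-number enumeration. All data is constructed.
import re
from collections import defaultdict

# Constructed photo store: roll number -> bytes standing in for JPEG data.
PHOTOS = {
    "21CS001": b"\xff\xd8\xff\xe0photo-of-21CS001",
    "21CS002": b"\xff\xd8\xff\xe0photo-of-21CS002",
    "21CS003": b"\xff\xd8\xff\xe0photo-of-21CS003",
}


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


def get_photo_vulnerable(session_user: str, roll: str) -> bytes:
    """IDOR: the roll number from the URL is trusted as-is. The logged-in
    user (session_user) is never compared with the object being requested,
    so any student can fetch any other student's photo."""
    return PHOTOS[roll]


def get_photo_hardened(session_user: str, roll: str, is_staff: bool = False) -> bytes:
    """Object-level authorization: a student may fetch only their own photo.
    The (hypothetical) staff role may fetch any. The decision uses only
    server-side session state, never anything the client supplies."""
    if not is_staff and roll != session_user:
        raise Forbidden(f"{session_user} may not read the photo of {roll}")
    return PHOTOS[roll]


def hardened_denies(session_user: str, roll: str) -> bool:
    """True if the hardened lookup refuses this (user, roll) pair."""
    try:
        get_photo_hardened(session_user, roll)
    except Forbidden:
        return True
    return False


# Constructed access-log excerpt in a simplified format. Session s3 walks
# through several roll numbers that are not its own, including one that
# does not exist (404), which is the footprint of a sequential download.
SAMPLE_LOG = """\
2022-07-04T10:00:01 session=s1 user=21CS001 GET /photo?roll=21CS001 200
2022-07-04T10:00:05 session=s2 user=21CS002 GET /photo?roll=21CS002 200
2022-07-04T10:01:00 session=s3 user=21CS003 GET /photo?roll=21CS001 200
2022-07-04T10:01:01 session=s3 user=21CS003 GET /photo?roll=21CS002 200
2022-07-04T10:01:02 session=s3 user=21CS003 GET /photo?roll=21CS003 200
2022-07-04T10:01:03 session=s3 user=21CS003 GET /photo?roll=21CS004 404
"""

LOG_RE = re.compile(r"session=(\S+) user=(\S+) GET /photo\?roll=(\w+)")


def foreign_roll_counts(log_text: str) -> dict:
    """Per session, count the distinct roll numbers requested that differ
    from the session's own user. Honest use of the endpoint yields zero."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        session, user, roll = m.groups()
        if roll != user:
            seen[session].add(roll)
    return {session: len(rolls) for session, rolls in seen.items()}


def flag_enumeration(log_text: str, threshold: int = 3) -> list:
    """Sessions whose foreign-roll count reaches the threshold, sorted."""
    counts = foreign_roll_counts(log_text)
    return sorted(s for s, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(get_photo_vulnerable("21CS001", "21CS002"))   # leaks another student's photo
    print(hardened_denies("21CS001", "21CS002"))         # True
    print(flag_enumeration(SAMPLE_LOG))                  # ['s3']
```

The fix is the single comparison in `get_photo_hardened`: the object a request may touch is derived from the authenticated session, not from the identifier in the URL. The log heuristic is deliberately simple; in a real portal the 404s for non-existent roll numbers and the timing between requests would be additional signals worth alerting on.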

This is my first ever bug, and still my favourite one.

Here is the YouTube link of the PoC:

Follow/subscribe for more interesting stories. Happy hacking!
