
One post tagged with "Insecure Direct Object Reference (IDOR)"

Insecure Direct Object Reference (IDOR) is a vulnerability that lets an attacker access and manipulate sensitive data or resources by changing the reference to those objects, such as a database ID or file path. It occurs when an application uses user-controlled input to reach internal system objects directly without proper validation, allowing attackers to view, edit, or delete sensitive data.


HTB | Oopsie | Write-Up

16 min read

Summary:

This article guides users through completing the Oopsie machine challenge on Hack The Box. The steps outline a hacking scenario, from initial connection testing and scanning to exploiting vulnerabilities in a web application, including IDOR, cookie manipulation, and SUID exploitation, ultimately leading to gaining admin access and finally grabbing the root flag.

Machine Name: Oopsie | Difficulty: Easy | OS: Linux