User Password Enumeration - hpAndro Vulnerable Application Challenge

Опубликовано: 02 Июль 2021
на канале: Android AppSec

358

🚩 CTF Link : http://ctf.hpandro.raviramesh.info
♚ All application on Playstore: https://play.google.com/store/apps/de...
♛ Consolidate challenges app: https://play.google.com/store/apps/de...
🔊 YouTube Channel:    / androidappsec
🟦 Facebook Page:   / hpandro1337
🔷Twitter handle :   / hpandro1337

--------------------------------------

Insecure direct object references (#IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the #OWASP 2007 Top Ten. However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation, but they can also arise in relation to vertical privilege escalation.

Here, the emp number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, and view the records of other customers. This is an example of an IDOR vulnerability leading to User Password #Enumeration

Смотрите видео User Password Enumeration - hpAndro Vulnerable Application Challenge онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь Android AppSec 02 Июль 2021, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 35 раз и оно понравилось 1 людям.