Skip to content

Defending Against Cyberattacks: Deep Dive into Enumeration, IDOR, and Registration Flooding Tactics

Original Post: Account Takeover and DoS: Weaponizing Enumeration, IDOR, and Registration Flooding | by Tusharpuri | Sep, 2024

The content describes an exploration of an application’s functionality, specifically the ‘Edit Profile’ section. The author noticed that personal information could be modified, but the email field was greyed out, indicating its use as a unique identifier. By using a web proxy, the author discovered that emails were still being sent to the server and were not validated. Testing further, the author successfully altered an email, exploiting an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability allowed the author to change details of any user whose email had been identified, leading to unauthorized access and potential account takeovers, demonstrating a lack of proper authorization checks.

Go here to read the Original Post

Leave a Reply

Your email address will not be published. Required fields are marked *