Guide: Basics of IDORs

What are IDORs?

An IDOR (Insecure Direct Object Reference) happens when a web app lets you access data or perform actions by supplying a simple identifier (such as a user ID, basket ID or file number) and never checks whether the logged-in user is actually allowed to use that identifier. An attacker can then change the identifier (in the URL, a form field or a JSON body) to view or modify other users' data. The bug is really a missing authorization check: authentication (are you logged in?) passes, but the app never asks "does this object belong to you?". It is one of the most common and most impactful bugs to look for in bug bounty hunting.

Description of Image

Here you see that we are on a simple shopping website that I am legally allowed to perform this attack on (very important: only test targets you have explicit permission for).

Let's open up my favorite program for web app pentesting, Burp Suite, and see what this basket page looks like in the proxy history.

Description of Image

Here I have highlighted the request that represents the basket page we were on. Let's send it to Repeater by right-clicking it and choosing "Send to Repeater", so we can edit and replay it as many times as we like while keeping our own session cookie/token intact.

Description of Image

Hmm, the first thing I notice is right at the top of the request path, where it says basket/0/. That 0 may be an ID we can manipulate to see other baskets. Let's change the 0 (our basket ID) to 1 (presumably someone else's basket ID) and see what comes back.

Description of Image

Look at the response! The basket belongs to user 1, they have no coupon activated (if they did, we may have been able to steal it for ourselves), and they have 2 Apple Juice in their basket. The important signal is not just the 200 status code but that the body contains a different userId from our own: that is what proves the server never compared the basket's owner with the session making the request.

Using techniques like this we could try to go even further and impersonate an entire user. We saw that the response uses a field called userId, so a next step would be to check whether any request lets us supply a userId value of 1 and whether the server trusts it instead of our session. If it does, that is a full account takeover. Using IDORs to change our account ID, or even just a basket ID, to someone else's could expose all sorts of information people don't want us seeing, such as payment info, email addresses or other personal data.
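To make the walkthrough concrete, here is an added example (not code from the original post or from the site being tested). It models the basket endpoint as two tiny in-memory handlers: the vulnerable one looks the basket up by ID alone, exactly the mistake exploited above, and the fixed one also checks that the basket's owner matches the authenticated session. A small probe function automates the "swap the ID and see whose data comes back" test from Repeater, and the last pair of functions shows the userId idea from the final paragraph: trusting a client-supplied userId versus taking identity from the session. All users, tokens, baskets and products are constructed sample data, and the function names are my own.

```python
# Added example: vulnerable vs. hardened basket lookup, plus an IDOR probe.
# All data here is constructed for the example; no real site or API is involved.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Basket:
    id: int
    user_id: int                 # the owner; this is what the server must check
    coupon: Optional[str]
    products: List[Dict] = field(default_factory=list)


# Constructed sample data: two users, each with one basket.
BASKETS: Dict[int, Basket] = {
    0: Basket(id=0, user_id=0, coupon=None,
              products=[{"name": "Lemon Juice", "quantity": 1}]),
    1: Basket(id=1, user_id=1, coupon=None,
              products=[{"name": "Apple Juice", "quantity": 2}]),
}

# Session tokens stand in for the cookie/bearer token Burp replays unchanged.
SESSIONS: Dict[str, int] = {"token-for-user-0": 0, "token-for-user-1": 1}


def serialize(basket: Basket) -> Dict:
    return {"id": basket.id, "userId": basket.user_id,
            "coupon": basket.coupon, "products": basket.products}


def get_basket_vulnerable(token: str, basket_id: int) -> Tuple[int, Dict]:
    """Authenticates the caller but never compares the basket owner to the session (IDOR)."""
    if token not in SESSIONS:
        return 401, {"error": "unauthenticated"}
    basket = BASKETS.get(basket_id)
    if basket is None:
        return 404, {"error": "not found"}
    return 200, serialize(basket)          # leaks any basket id to any logged-in user


def get_basket_fixed(token: str, basket_id: int) -> Tuple[int, Dict]:
    """Same lookup, but the object must belong to the authenticated user."""
    user_id = SESSIONS.get(token)
    if user_id is None:
        return 401, {"error": "unauthenticated"}
    basket = BASKETS.get(basket_id)
    if basket is None or basket.user_id != user_id:
        # Returning 404 rather than 403 avoids confirming that the id exists.
        return 404, {"error": "not found"}
    return 200, serialize(basket)


def probe_idor(handler, token: str, candidate_ids) -> List[int]:
    """Replays the request with other ids; returns ids whose 200 response belongs to someone else."""
    me = SESSIONS[token]
    leaked = []
    for basket_id in candidate_ids:
        status, body = handler(token, basket_id)
        if status == 200 and body.get("userId") != me:
            leaked.append(basket_id)
    return leaked


def resolve_user_vulnerable(token: str, body: Dict) -> int:
    """Trusts a client-supplied userId over the session: the account-takeover variant."""
    return int(body.get("userId", SESSIONS[token]))


def resolve_user_fixed(token: str, body: Dict) -> int:
    """Identity always comes from the session; a userId in the body is ignored."""
    return SESSIONS[token]


if __name__ == "__main__":
    print("vulnerable leaks:", probe_idor(get_basket_vulnerable, "token-for-user-0", range(5)))
    print("fixed leaks:", probe_idor(get_basket_fixed, "token-for-user-0", range(5)))
```

Run as user 0, the probe reports basket 1 as leaked by the vulnerable handler and nothing for the fixed one. The fix is the single ownership comparison in get_basket_fixed; when you report an IDOR, that missing check, not the guessable ID, is the root cause to point at.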