Hi, bug hunters. In this write-up, I will tell you how I accidentally became a bug hunter. It's all about my journey and how I started. I want to tell you that I am not good at English; I apologize if I make any mistakes in the write-up.
It was the last year of my college and I was renewing my scholarship form on my friend's laptop. When I was updating my contact number or other details, I noticed some encoded text in the URL.
At that time I had no idea what it was, so I immediately searched on Google and found a tool called hash analyzer.
I used that tool to identify the encoded text and found it was Base64-encoded. I found a tool called the Base64 decoder to convert it to text.
After converting the Base64-encoded characters, I found a number that was my application ID. I was very curious to know what would happen if I changed my application ID to my friend's application ID. I thought to reverse the whole process.
I converted my friend's application ID into Base64, put it in the URL and hit enter.
I was able to access or update my friend's contact and bank account details.
I was curious to know about that application behavior. I searched on Google and found many blogs and videos; I had accidentally found an issue which is called Insecure Direct Object References (IDOR). I contacted the scholarship department and told them the whole thing.
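
The root cause described above, shown from the server side as an added example (not code from the scholarship site or from the original write-up): a handler that trusts the Base64 ID in the URL, next to one that checks ownership against the logged-in session. The record store, user names and function names are constructed for illustration.

```python
import base64

# Constructed sample records: application ID -> owner and contact data.
APPLICATIONS = {
    "1001": {"owner": "alice", "contact": "555-0100"},
    "1002": {"owner": "bob", "contact": "555-0199"},
}


class Forbidden(Exception):
    """Raised when the session user may not access the requested record."""


def encode_id(app_id):
    # Base64 is a reversible encoding, not a secret: anyone can produce it.
    return base64.urlsafe_b64encode(app_id.encode()).decode()


def decode_id(encoded_id):
    return base64.urlsafe_b64decode(encoded_id.encode()).decode()


def get_application_vulnerable(session_user, encoded_id):
    # IDOR: the ID from the URL is trusted; session_user is never consulted.
    return APPLICATIONS[decode_id(encoded_id)]


def get_application_checked(session_user, encoded_id):
    try:
        app_id = decode_id(encoded_id)
    except (ValueError, UnicodeDecodeError):
        raise Forbidden("malformed id")
    record = APPLICATIONS.get(app_id)
    # Same error for "missing" and "not yours" so IDs cannot be enumerated.
    if record is None or record["owner"] != session_user:
        raise Forbidden("not authorized for this application")
    return record
```

The fix is the ownership comparison, not a stronger encoding of the ID; the same check has to guard the update path as well as the read path.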