Insecure direct object references

Let's start the live chat.

We can now download this chat by clicking on the View transcript button.

Since we are proxying the traffic through Burp Suite, we will be able to see the request in the Proxy > HTTP History.

We are being redirected; let's view the next request.

As we can see, our entire chat log is saved.

Let's forward this request to the Repeater for further modification.

Once in the Repeater, change the GET URI to the following:

/download-transcript/2.txt

The application returns the transcript of another user's chat: the numeric ID in the file name is the only thing controlling which transcript is served, and it is never checked against the logged-in session.
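To show where the bug lives and what the fix looks like, here is an added example (not the lab's own code) modelling the transcript endpoint: a handler that trusts the ID in the path beside one that ties the record to the session user. The store, users and function names are assumptions for illustration.

```python
import re

# Constructed sample store: transcript id -> (owner, contents).
# The contents are placeholders, not the lab's real transcripts.
TRANSCRIPTS = {
    1: ("wiener", "wiener: hello\nbot: how can I help?"),
    2: ("carlos", "carlos: my password is <placeholder>"),
}

PATH_RE = re.compile(r"^/download-transcript/(\d+)\.txt$")


class NotFound(Exception):
    """Raised for any request that must yield a 404-style response."""


def parse_transcript_id(path):
    """Extract the numeric id from /download-transcript/<id>.txt."""
    m = PATH_RE.match(path)
    if not m:
        raise NotFound(path)
    return int(m.group(1))


def download_vulnerable(path, session_user):
    """Before: the id in the path is the only input; the session is ignored.
    Any authenticated user can fetch any transcript by changing the number."""
    tid = parse_transcript_id(path)
    if tid not in TRANSCRIPTS:
        raise NotFound(path)
    return TRANSCRIPTS[tid][1]


def download_fixed(path, session_user):
    """After: the record must belong to the authenticated user.
    A foreign id gets the same response as a missing one, so the endpoint
    does not confirm which ids exist."""
    tid = parse_transcript_id(path)
    owner, body = TRANSCRIPTS.get(tid, (None, None))
    if owner is None or owner != session_user:
        raise NotFound(path)
    return body
```

The check belongs on every object lookup, not only on the download route; a log of 404s for ids adjacent to the user's own is also a cheap detection signal for this kind of probing.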

We can now log in to the carlos user's account using the following credentials:

Username: carlos
Password: z7yiqtqjuttawu19dlxw

We have solved the lab.