In this video we break down IDOR vulnerabilities (Insecure Direct Object References) across multiple real-world scenarios.
We start with classic IDORs where object IDs are exposed directly in the URL. From there we move into IDORs hidden inside API requests, where authorization checks are often overlooked.
In the final section, we take it a step further by creating a simple Bash one-liner to generate multiple Base64-encoded credentials (user:1, user:2, etc.). We then load this list into Burp Suite Intruder to automate IDOR testing at scale.
Topics covered:
- IDORs in URL parameters
- IDORs in API requests
- Missing authorization vs authentication
- Generating Base64 payloads with Bash
- Using Burp Suite Intruder for IDOR enumeration
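The authentication-vs-authorization gap the video walks through, as an added example that is not from the video: a made-up in-memory profile API whose object references are Base64-encoded `user:<id>` strings, with the vulnerable handler (logged in, but no ownership check) next to the fixed one. `PROFILES`, `decode_ref`, `encode_ref`, `denied` and the handler names are all assumed for illustration.

```python
# Added example (not from the video): why an authenticated request is not an
# authorized one. Data and function names are constructed for illustration.
import base64

# Constructed sample data: which profile record belongs to which account.
PROFILES = {
    1: {"owner": 1, "email": "alice@example.invalid"},
    2: {"owner": 2, "email": "bob@example.invalid"},
}


def encode_ref(user_id: int) -> str:
    """Build the Base64 'user:<id>' reference the API expects."""
    return base64.b64encode(f"user:{user_id}".encode("ascii")).decode("ascii")


def decode_ref(ref: str) -> int:
    """Turn a Base64 'user:<id>' reference back into an integer id.
    Encoding is not access control: anyone can produce these values."""
    raw = base64.b64decode(ref, validate=True).decode("ascii")
    label, _, num = raw.partition(":")
    if label != "user" or not num.isdigit():
        raise ValueError("malformed object reference")
    return int(num)


def get_profile_vulnerable(session_user: int, ref: str) -> dict:
    """IDOR: the caller is authenticated (session_user is known), but the
    object is fetched purely from the client-supplied reference."""
    return PROFILES[decode_ref(ref)]


def get_profile_fixed(session_user: int, ref: str) -> dict:
    """Same lookup, plus an ownership check bound to the server-side session."""
    profile = PROFILES[decode_ref(ref)]
    if profile["owner"] != session_user:
        raise PermissionError("not the owner of this object")
    return profile


def denied(handler, session_user: int, ref: str) -> bool:
    """True when the handler refuses the request; lets the two be compared."""
    try:
        handler(session_user, ref)
        return False
    except PermissionError:
        return True
```

Run against the same request (user 1 asking for user 2's reference), the vulnerable handler returns Bob's record while the fixed one raises PermissionError.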
--- ⏱️ Chapters ---
00:00 Lab Setup
00:55 Finding IDORs in the URL
03:42 Finding IDORs in API calls
12:30 Encoded IDORs
15:40 One-liner for Base64 encoded IDOR
Educational use only.
#idor #burpsuite #websecurity #owasp #pentesting #bugbounty #cybersecurity