Top US Travel Site Secured From IDOR Vulnerability Before Exploitation

Hemant Bansal | October 17, 2021

Top US Travel Site Secured From IDOR Vulnerability Before Exploitation

Databases often hold the backbone of an organization; its’ transactions, customers, employee info. It should be of no surprise that company databases are the high-value target for...

Top US Travel Site Secured From IDOR Vulnerability Before Exploitation

Posted on by admin

Recently apptroops found one weak spot in the Top US Travel website where the attacker could see the personal information of all the users. Have you ever noticed a parameter in a URL and tried tweaking it to retrieve a different valid page/request? If you are successful, you exploit an insecure direct object reference.

Description

Insecure Direct Object References have occupied the fourth spot of the OWASP Top 10 list of the most critical web application security risks since 2007.

Insecure Direct Object References occur when an application provides direct access to objects based on the user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example, database records or files.

Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object. Such resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user-supplied input and uses it to retrieve an object without performing sufficient authorization checks.

What was the Risk?

The website was using some token to authenticate users but token was not validating properly which opened the window for the attacker to perform insecure direct object reference attack. Changing the values of users (user_id) in increasing or decreasing the number, the attacker could see the personal information of all the users on the website. Such flaws can compromise all the data that can be referenced by the parameter.

Mitigation or Fix

Preventing insecure direct object references requires selecting an approach for protecting each user-accessible object:

Use per user or session indirect object references. This prevents attackers from directly targeting unauthorized resources.

Check access. Each use of a direct object reference from an un-trusted source must include an access control check to ensure the user is authorized for the requested object.

Code review of the application can quickly verify whether either approach is implemented safely. Testing is also effective for identifying direct object references and whether they are safe. Automated tools typically do not look for such flaws because they cannot recognize what requires protection or what is safe or unsafe.

Latest Updates

December 17, 2021

Run More Frequent Pen Tests Economically

Some flaws, such as CSRF (Cross-Site Request Forgery) and other business logic vulnerabilities, require a human to be in the loop to exploit and verify the vulnerability. Only Manual testing […]

Learn More

October 17, 2021

OK To Defer Low Severity Vulnerabilities?

Discovery of the chained vulnerability requires manual testing, static/dynamic vulnerability testing is not sufficient. We offer manual testing very economically with our certified ethical hackers, let us know if you’d […]

Learn More

October 17, 2021

Top US Travel Site Secured From IDOR Vulnerability Before Exploitation

Recently apptroops found one weak spot in the Top US Travel website where the attacker could see the personal information of all the users. Have you ever noticed a parameter […]

Learn More

October 17, 2021

Brief Introduction On Devsecops

DevOps vs DevSecOps DevOps is an edge approach that overcomes any barrier been development and operations. It involves better-coordinated effort between all the supporters that deal with programming. In simple […]

Learn More

October 17, 2021

General Data Protection Regulation (GDPR)

What does the GDPR do? The General Data Protection Regulation (GDPR) is the hardest security and security law on the planet. In spite of the fact that it was drafted […]

Learn More

October 16, 2021

Is automated vulnerability testing enough?

Why not have white hat hackers verify systems have been correctly patched and test for flaws manually?  Well, in a word, it can be expensive.  One new company, apptroops, is doing it […]

Learn More

Leave Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Us

    Write us a message

  • Request our free 24-Hour penetration test
    and get vulnerability report.

    • Evaluate skills before any type of engagement with Apptroops.
    • Level-1 Testing with manual approach in addition to static/dynamic.
    • Get a clear picture of root findings with mitigations in the report.
    • 90% of the time we find unknown hidden critical/ high vulnerabilities.
    • 1

      Write us a message

      Successfully delivered over 100+ Projects Globally

      No, thank you. I do not want.
      100% secure your website.
      Powered by