Stuck watching YouTube videos about bug bounty hunting rather than your inbox? In this series I partner with Bugcrowd to bring you everything you need to know to find their most common first bugs. In this episode we're talking about the ever-popular IDOR, and while yes, I am aware I have made videos on this topic many times, it's still a solid choice for your first bug: difficult to automate and scale, yet easy to understand and test for. Its tediousness means that top hackers often skip IDORs in favour of trickier bugs, making them perfect for newer bug bounty hunters to focus on.
This series couldn't happen without the support of our sponsor Bugcrowd. Bugcrowd is the best place to start hacking, with a wide range of public and private programs from APIs to desktop applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your level, there's a place for you in the crowd. You can sign up with my link here:
https://bugcrowd.com/user/sign_up

00:00 Introduction to Entry Level Exploits
00:47 Understanding Insecure Direct Object References (IDOR)
01:24 IDOR Vulnerability Explained with Examples
03:32 Hunting for IDORs: Tips and Tricks
06:22 Practical Demonstration: Finding IDORs
15:44 Choosing the Right Targets for IDORs
21:00 Summary and Homework