| 1 | +--- |
| 2 | +title: Check out these HackerPhotos! Nothings wrong here. |
| 3 | +description: >- |
| 4 | + We've created a basic web application called "HackerPhotos" to hightlight some awesome hacker-tagged photography. It is just in BETA and we'd love for you to give it a try and make sure we've not made any mistakes! |
| 5 | +date: 2025-09-10 20:55:00 +0800 |
| 6 | +categories: [Labs] |
| 7 | +tags: [IDOR] |
| 8 | +image: |
| 9 | + path: assets\img\bug1.png |
| 10 | + alt: IDOR |
| 11 | +pin: true |
| 12 | +--- |
| 13 | + |
| 14 | + |
| 15 | +# Bug Bounty Hunter |
| 16 | +## Check out these HackerPhotos! Nothings wrong here |
| 17 | + |
| 18 | +*** |
| 19 | +This afternoon, I was like, "Let me practice some labs on IDOR." I just opened my laptop and searched for some IDOR stuff. Then I found these bug bounty hunter labs by Zseano on IDOR. So, I solved the labs, and let’s take a look at ‘em. To be honest, the labs just give you some description—they don’t even give you pointers like “look for flags” or anything, kinda similar to Hacker101 CTF. I think the purpose of the labs is to teach manual testing. So, let’s leave that rant aside. Here’s the lab description if you wanna follow along...... [idor](https://www.bugbountyhunter.com/challenge?id=10) |
| 20 | +*** |
| 21 | + |
| 22 | +``` |
| 23 | +We've created a basic web application called "HackerPhotos" to hightlight some awesome hacker-tagged photography. It is just in BETA and we'd love for you to give it a try and make sure we've not made any mistakes! |
| 24 | +
|
| 25 | +You can login to the challenge with the following credentials: |
| 26 | +
|
| 27 | +Username: phototest Password: phototest1 |
| 28 | +
|
| 29 | +Please note the photos are real photos from Pexel.com. We have credited each author on their photos. (other information you may find is not real) |
| 30 | +
|
| 31 | +
|
| 32 | +``` |
| 33 | + |
| 34 | +With that being said, log in to your account. At first, when I logged in, I tried to look for some button where I could click but found nothing. I was just like, "What the...?" |
| 35 | + |
| 36 | +<img width="1366" height="631" alt="Image" src="https://github.com/user-attachments/assets/bf7a1d94-e207-40de-bbcf-6daf1aa85a19" /> |
| 37 | + |
| 38 | +So, I checked my web proxy and found a JS extension. So, let’s take a look at it. |
| 39 | + |
| 40 | +<img width="1212" height="730" alt="Image" src="https://github.com/user-attachments/assets/dd8df926-112e-43fe-8872-566babb07be7" /> |
| 41 | + |
| 42 | +Then I found a path in the JS file where it appears that the web application retrieves a user ID from a cookie and uses it to fetch user data from a server. |
| 43 | + |
| 44 | +<img width="1366" height="235" alt="Image" src="https://github.com/user-attachments/assets/82b31b0e-a77c-40aa-aa7a-83a686533089" /> |
| 45 | + |
| 46 | +So, I checked my cookies and saw some long value in the user ID, but how can this be guessable? |
| 47 | +But, you know, thinking in my head, let me just copy this path and add a numerical value. then it appeared I could see some information. |
| 48 | + |
| 49 | +<img width="1366" height="233" alt="Image" src="https://github.com/user-attachments/assets/952056ea-aeb8-41d7-994a-1cc376cd96cd" /> |
| 50 | + |
| 51 | +Then I sent the request to automate enumeration, thinking maybe I could get other users' information. Then I found 7 people. Wow, what an IDOR! |
| 52 | + |
| 53 | +<img width="991" height="598" alt="Image" src="https://github.com/user-attachments/assets/860679c8-ce19-4e07-b295-0401913daf10" /> |
| 54 | + |
| 55 | +So, that’s it, guys. The tip is to just use the application like a normal user, then check the JS file to understand the application. |
| 56 | +Catch you guys later, I’ll be dropping more blogs. |
| 57 | + |
| 58 | +Here is my Twitter account @[T3chnocr4tX](https://x.com/T3chnocr4tx) |
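Review bot: the front-matter `image.path` value `assets\img\bug1.png` uses backslashes, which Jekyll copies verbatim into the `src` attribute and browsers do not treat as a path separator, so the pinned post image will not load; change it to `path: assets/img/bug1.png` (or `/assets/img/bug1.png` for a site-root path). Separately, the closing tip paragraph ("The tip is to just use the application like a normal user, then check the JS file...") would teach more if it named the flaw the lab demonstrates: the endpoint found in the JS file returns whatever user record the client asks for without checking that the requested ID belongs to the logged-in session, which is why a long cookie value is not a control on its own, and the fix is a server-side authorization check that ties the requested record to the authenticated user.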