关于我 | 友情链接 | Windows进程对比杀软信息&辅助提权补丁对比

One Way to Find Hidden IDOR Vulnerability

One Way to Find Hidden IDOR Vulnerability

I received an invitation for an internal project, i found an interesting vulnerability in this project.

After submitting some regularized vulnerabilities, the project seems to have no one to submit new security issues.

I started to try some WebFuzz techniques.

First i should test for sensitive information api, because vulnerabilities here are the most valuable( many bounty :D ).

I found one API about sensitive information -> ../getUserAuth...


HTTP Message Body as follows


It looks really exciting !!! If I can get this information about other people based on my account, i think this is great !!!

Here is my test step ↓↓

Step 1

I see this is a GET request without any request parameters, so i need add parameters.

But where can i get parameters ???

At first i thought of using a dictionary to guess, but i didn’t get the results i wanted after trying.

Step 2

I tried to convert HTTP Response Body to HTTP Request Parameters.

So, i get these parameters (BurpSuite Plugin:



../getUserAuth...?login=[Test Account B]user_name
../getUserAuth...?userid=[Test Account B]user_id
... and so on

But after trying, i also can’t get the results i want.

Step 3

I found the naming rules for other API parameters when I was about to give up.

Rule -> English capitalization

Change the parameter to uppercase with javascript:


God is taking care of people who are careful~I tried to add parameters and i found interesting results.


I successfully get the sensitive information of the account B based on the credentials of the account A !!!


  1. I reported the vulnerability.
  2. Officially confirmed that this is a critical vulnerability.
  3. Waited for 3 days… I was awarded ¥3,000 (RMB) bounty.