
Many web applications do not properly protect sensitive data such as names, IDs, credit card details and authentication credentials. Attackers may steal or modify such weakly protected data to commit credit card fraud, identity theft or other crimes. Encryption is central to protecting sensitive data: if the data is not encrypted and is held in plain text, it is much easier for an attacker or any other individual to retrieve it.
Types of Sensitive Data
- Personal – Names, Address, Contact Numbers etc.
- Confidential – IDs, passwords and other credentials, Aadhaar No.
- Financial – Bank account numbers, credit cards, debit cards etc.
HOW SENSITIVE DATA CAN BE COMPROMISED
- When data is transmitted in the URL, that is, when your credentials are sent as GET parameters (username=user&password=pass&submit=submit).
- When data is stored in plain text rather than in hashed or encrypted form.
- When data is stored in a text file rather than in the database.
Id | Interest | Gender | Username | Password |
1 | Badminton | Female | Admin1 | passWORD |
2 | Football | Male | Admin2 | PASSword |
INSECURE DIRECT OBJECT REFERENCE
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
Note that in this case a malicious user is able to access the resources of another user only. With IDOR, both users have the same level of access.
e.g.: www.hungama.com/user.php?id=1
www.hungama.com/user.php?id=4
www.hungama.com/user.php?id=2
Without proper validation, changing the id takes you into another user's account.
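The missing access control check described above, shown as an added example that is not code from the original article: the same lookup written once with the id from the URL trusted as-is and once with an ownership check against the logged-in session. The in-memory USERS store, the session dictionary and all function names are assumptions made for illustration, and Python stands in for the PHP behind user.php.

```python
# Added example: in-memory stand-in for the user table behind user.php?id=N.
# All records and names here are constructed for illustration.
USERS = {
    1: {"username": "Admin1", "interest": "Badminton", "gender": "Female"},
    2: {"username": "Admin2", "interest": "Football", "gender": "Male"},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested object."""


def parse_id(raw):
    """Accept only a plain decimal integer id; reject anything else."""
    if not isinstance(raw, str) or not (raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a decimal integer")
    return int(raw)


def get_profile_vulnerable(session, raw_id):
    """The pattern described above: the id from the URL is trusted as-is."""
    return USERS.get(parse_id(raw_id))


def get_profile_checked(session, raw_id):
    """Same lookup, but the object must belong to the logged-in user."""
    if "user_id" not in session:
        raise Forbidden("not logged in")
    requested = parse_id(raw_id)
    # Check ownership before returning the record, and answer the same way
    # for "not yours" and "does not exist" so ids cannot be probed.
    if requested != session["user_id"] or requested not in USERS:
        raise Forbidden("no access to this object")
    return USERS[requested]


def is_denied(session, raw_id):
    """Helper: True when the checked handler refuses the request."""
    try:
        get_profile_checked(session, raw_id)
        return False
    except Forbidden:
        return True


if __name__ == "__main__":
    session = {"user_id": 1}  # logged in as Admin1
    print(get_profile_vulnerable(session, "2"))  # another user's record
    print(is_denied(session, "2"), is_denied(session, "1"))
```

The checked version takes the identity from the server-side session and uses the id parameter only to say which object is wanted, so editing the URL no longer changes whose data is returned.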