Ethical Hacking
  • Introduction to Information Security
    • What is Hacking?
    • Type of Hacking
    • Exercise
    • Uses of Proxy Servers
    • Summary Proxy & VPN
    • Summary
  • Gathering Information About Websites
    • Gathering Information
    • Gathering Targeted Information
  • Google Droks
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
    • Web Servers
    • Web Server Architecture
    • Web Server Architecture Combinations
  • VA & PT
    • OWASP
    • SQL Injection
    • Advanced SQL Injections
    • Burp Suit
      • Client Side Validation Burp Suite Bypass
      • Client Side Validation Burp Suite Bypass
      • GET Based IDOR in URL
      • Post Based IDOR Variant
      • GET Based IDOR in URL
      • Post Based IDOR in URL
      • Download based
  • Arbitrary File Upload Vulnerabilities
    • Server Side Attack
    • Server Side Attack
    • Client Side Attack
  • Understanding Response Headers
    • Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
    • Temporary XSS
  • Understanding Forced Browsing and Session-Cookie Flaws
    • Forced Browsing
    • Cross Site Request Forgery
    • Open Redirection
  • Dictionary Based Brute Force Attacks
    • Dictionary Based Bruteforcing
    • Logical Bruteforcing
    • PII Leakage Variant
  • Identifying Security is configurations and Exploiting Outdated Web Applications
    • Information Disclosure via Descriptive Messages
    • Default Debug Pages
    • How to guess password for a standard login page
    • Default/Weak Password in Custom CMS
    • Fingerprinting Components with Known Vulnerabilities
    • Finding Exploits for Components with Known Vulnerabilities
    • Default/Weak Password in Public Software
    • Vulnerable Components Installed
    • Vulnerable Components Installed 2
    • Vulnerable Components Installed 3
  • Scanning for Bugs in WordPress and Drupal
    • What is CMS?
    • Variant 1
    • Vulnerable CMS
    • How to Scan Drupal CMS for Known Vulnerabilities?
    • Joomla CMS
  • Automating VAPT and Secure Code Development
    • information gathering
    • Nmap Scans
    • Automating VAPT:
  • POC
    • Recommendations for Documenting a Vulnerability
    • PoC
    • Types of Reports
    • Recommendations for OWASP Top 10 Vulnerabilities
    • Components of a VAPT Report
    • Vulnerability Information (for each vulnerability)
    • Bad Practices to Avoid While Writing a Report
Powered by GitBook
On this page
  1. VA & PT
  2. Burp Suit

Post Based IDOR in URL

PreviousGET Based IDOR in URLNextDownload based

Last updated 1 year ago

See if you can tamper with the Employee ID and extract salary details of other employees working at ABC Pvt. Ltd.

Step 1. While making sure Burp Suite is configured in the browser, visit the URL http:(The URL will be different for each user).

Step 2. Now click on the 'Generate Salary Slip' button and wait for the response. This request will be captured in Burp Suite.

Step 3. Now to view the request you just sent, open Burp Suite and go to the tab Proxy -> HTTP history. Step 4. This HTTP history tab contains all the requests your browser has sent so far. Scroll down to the last few requests and notice the POST request you just made, it will have the EMP=EMP9D parameter which is the employee id. Click on it and the complete HTTP request will be displayed in the 'request' tab at the bottom.

Step 5. Now right click on this request and send it to Intruder.

Step 6: Now click on the Intruder tab, and click on the ‘Positions’ tab. Note: Make sure to clear all selected parameters first.

Step 7: Now from the parameter Emp=EMP9D, select the ‘9D’ part and click on the ’Add’ button.

Step 8: Select ‘Attack type’ as ‘Sniper’.

Step 9: Now click on ‘payloads’ tab.

Step 10: Under ‘payload options’ section, enter this character set: ABCDEFGHIJKLMNOPQRSTUVWXYZ9876543210. Now set the Min and Max length to 2.

Step 11: Click on ‘Start Attack’. It will launch the attack and the intruder window will appear. Now sort the ‘length’ tab by double-clicking on the length tab, and wait till the attack is completed. The greater length value that comes under the ‘Length’ column is the desired request.

Step 12: Now once you find the right request, right click on the request and choose ‘show response in browser’ option to view the request in the browser. Copy the burp response URL and paste it in the burp configured browser. Here you have successfully passed the challenge.