Executive Report

High-level summary for non-technical stakeholders, including risks and mitigation strategies.

Security Assessment Report: "Corridor" System

Purpose of the Report

The goal of this report is to summarize the assessment of the Corridor machine, which simulates a web application vulnerable to Insecure Direct Object References (IDOR). The aim was to identify and exploit this access-control flaw to retrieve a hidden flag.


Executive Summary

  • The application mimics a corridor with 13 doors.

  • Each door redirects to a page with a hashed identifier in the URL.

  • Hashes were reversible using common cracking tools.

  • Tampering with the identifiers revealed unauthorized content, confirming an IDOR vulnerability.

Impact

This vulnerability allows attackers to manipulate hashed object references in the URL to gain unauthorized access to hidden content. In a real-world scenario, this could expose sensitive user data, internal resources, or restricted functionality.

Key Recommendations

  • Avoid using easily reversed hashes (like MD5 of a small, predictable value) as access control mechanisms.

  • Implement proper access controls on the backend.

  • Obfuscation is not a security measure; enforce object-level authorization.

  • Monitor and log access to sensitive resources.


Methodology

  • Accessed the application and analyzed URL patterns.

  • Identified hashed values and used online tools to reverse them.

  • Confirmed correlation between hashes and door numbers.

  • Replaced the hash in the URL with hashes generated for out-of-range values and retrieved a flag.


Detailed Findings

  1. The site presents 13 doors; each door leads to a hashed identifier in the URL.

  2. These hashes were easily reversed using tools like CrackStation.

  3. The hash corresponds to the door number in plain text.

  4. Generating hashes for values outside the visible range (e.g., 0 or 14) provided access to unintended content.

  5. One such manipulation revealed the final flag.


Recommendations

  • Use unpredictable, non-reversible object IDs (e.g., UUIDs) for URLs.

  • Validate user access to objects server-side.

  • Sanitize and monitor any user-controlled URL parameters.

  • Educate developers on common IDOR vulnerabilities.
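
The first two recommendations, shown as an added example (not code from the Corridor application or the original assessment): a lookup gated only by an MD5-of-number reference next to one that uses random references and a server-side ownership check, with denied lookups logged. The door data, the user names "guest" and "admin", and all function names are constructed assumptions.

```python
import hashlib
import uuid

# Constructed data: doors 1-13 are linked from the page; door 0 is a
# hypothetical restricted object that only "admin" may read.
DOORS = {n: {"owner": None, "body": f"door {n}"} for n in range(1, 14)}
DOORS[0] = {"owner": "admin", "body": "restricted content"}

AUDIT_LOG = []  # denied or unknown lookups, kept for monitoring


def md5_ref(n):
    """Identifier scheme the report describes: MD5 of the door number."""
    return hashlib.md5(str(n).encode()).hexdigest()


# Weak design: anyone can compute the reference, and it is the only gate.
WEAK_INDEX = {md5_ref(n): n for n in DOORS}


def weak_get(ref):
    n = WEAK_INDEX.get(ref)
    return None if n is None else DOORS[n]["body"]


# Hardened design: random references plus a per-object authorization check.
STRONG_INDEX = {uuid.uuid4().hex: n for n in DOORS}


def strong_get(ref, user):
    n = STRONG_INDEX.get(ref)
    owner = DOORS[n]["owner"] if n is not None else None
    if n is None or (owner is not None and owner != user):
        AUDIT_LOG.append((user, ref))  # same response for both cases
        return None
    return DOORS[n]["body"]


def ref_for(n):
    """Helper for the demo: look up the random reference issued for door n."""
    return next(r for r, d in STRONG_INDEX.items() if d == n)


if __name__ == "__main__":
    print(weak_get(md5_ref(0)))              # restricted content leaks
    print(strong_get(md5_ref(0), "guest"))   # computed reference is unknown
    print(strong_get(ref_for(0), "guest"))   # valid reference, wrong user
    print(strong_get(ref_for(0), "admin"))   # authorized owner
```

The random reference only removes predictability; the ownership check is what still denies access when a valid reference reaches the wrong user.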


Conclusion

The Corridor machine effectively demonstrated how weak access controls combined with predictable identifiers can lead to IDOR vulnerabilities. This underscores the importance of enforcing authorization on the backend rather than relying on obscurity.
