
Why Your IDORs Get NA’d, Cookies Explained

Views: 16,767

InsiderPhD


1 day ago

Comments: 73
@mrcharlie4917 1 year ago
Your content is amazing. I'm a beginner to bug bounty hunting and I have learned a lot of things from you. I really appreciate your content and your contribution to the community. Thank you Katie.
@1990shahid 3 years ago
Katie you are a superstar - thank you for taking the time to make these videos. They are very helpful
@InsiderPhD 3 years ago
Glad you like them! It means a lot to me to get messages like this!
@isaackay5887 3 years ago
*This was by far **_THE BEST_** video on cyber security I've seen, thus far!*
@kn0xxpopul129 3 years ago
It takes lots of effort to make such content. I loved it, thanks.
@InsiderPhD 3 years ago
My pleasure 😊
@eXfilPr4tik 3 years ago
NICELY EXPLAINED!
@medicineman7894 11 months ago
Please never stop posting
@GohansTips72 3 years ago
This video really got me interested in studying more about Bug Hunting! I was all confused before haha xd
@Death_User666 11 months ago
Never stop posting videos
@varunmehta3230 3 years ago
Thanks a lot. Very well explained.
@rajatdutta8365 3 years ago
Thank you!! Neatly explained.
@ggmaxx66 2 years ago
thanks Katie! IDORs make more sense now. 🌊️⛱️😎
@AmanGupta-ho4rh 3 years ago
Thanks. In the video you mentioned middlewares. I hope you will make videos on Code Review :) Thanks again
@sanjaylekhak7719 3 years ago
Informative! Please also add links to the related videos in the description; it would help people like me, as I haven't seen that "Firefox containers" video. Thanks for the video 💖
@InsiderPhD 3 years ago
I hope not! I would like a bounty! (I'm kidding!) Thank you
@InsiderPhD 3 years ago
I will add those videos now!
@ghostgil7006 2 years ago
Can I use the community edition of Burp Suite in real bug hunting?
@thefunnychannel647 3 years ago
I have a doubt. What if the triage team asks how an attacker can get another user's cookie, and doesn't consider it an impact?!
@linux6065 9 months ago
same
@kofiarthur3402 3 years ago
Hi Katie, wouldn't changing the cookies be a MITM attack, which I'm sure is invalid for most programs?
@InsiderPhD 3 years ago
Yes, if you are accessing your own account; here the cookie trick is to change the cookies to act like you are logged into one account, but you can change another!
@barbaros8735 3 years ago
Does it also count as IDOR if I can access objects by changing the PHPSESSID in the cookies?
@danielmcpherson9062 3 years ago
Thank you!!! Amazing video!!! (Like always)
@deepanshuyadav6745 3 years ago
Signing up to Intigriti with your link, let's hope for the best
@InsiderPhD 3 years ago
I will keep my fingers crossed for you, good luck! And good hunting, my friend
@Anu-vp9um 3 years ago
Thanks, very helpful 🙏
@TomTakesTime 5 months ago
🔥
@judithmalshini5428 2 years ago
Thank you a lot.
@goldengreengrass 1 year ago
Hello Katie, first of all thank you so much for providing us with such information. I have a question. I was hunting on a bug bounty platform and I found an endpoint which is vulnerable to IDOR via cookie manipulation: I interchanged the cookies of two accounts and it worked, but the triage team responded by marking it as NON-APPLICABLE, as they quoted "It's not worth it as you have to have cookies of both attacker as well as victim account". Can you tell me if it's a valid bug or if it needs to land in the NON-APPLICABLE category? Thanks again.
@InsiderPhD 1 year ago
Because when you use an endpoint with cookie A you're affecting user A, and with user B's cookie you're affecting user B. That is how it's supposed to work and it's intentional.
@FicoCreditKing 3 hours ago
literally got told the same thing
@kumaran88thiru 3 years ago
Sweet
@noobhunter2986 3 years ago
Thanks for this man
@akshatsinghal9231 3 years ago
really great knowledge
@zer0ql 3 years ago
4th place. Also, as usual, awesome video
@amumuwarszawa8547 3 years ago
So if I understand correctly: login, copy the cookies, logout, and use the cookies to login as another user?
@ohhmypenniereview8505 2 years ago
Hi Katie. How do you get access to the victim's account to see the changes, or the victim's cookies? This is the big question
@shekharwagh4982 2 years ago
Was able to use the PayPal payment token of User1 with User2 and vice versa on a shopping portal. Is this also a case of IDOR vulnerability?
@manishneupane6070 3 years ago
Thank you so much mam 💞😊🇳🇵
@knowledgeboxbd9625 3 years ago
Well explained 😍
@cybersecurity3523 3 years ago
Hello Dr
@InsiderPhD 3 years ago
👋👋
@priyamjha9755 3 years ago
Please, I want this video: "How to become a cyber security analyst, full road map". Topic: after 12th, what should I do, with BCA; skills, courses, jobs, salary, which is best and which is in demand in the future (Web Exploitation, Cryptography, Reverse Engineering, Forensics, General Skills, Binary Exploitation). Almost a full road map. Please 🙏🙏
@InsiderPhD 3 years ago
Hi Priyam, it's hard to give you a roadmap without knowing you well, but this I think is a REALLY good graph: www.linkedin.com/pulse/map-cybersecurity-domains-version-20-henry-jiang-ciso-cissp. As for what to learn, it completely depends on what interests and excites you! Any jobs in security are going to be in demand, so the world is your oyster!
@priyamjha9755 3 years ago
@@InsiderPhD thanks for this advice 🙏
@LetsGoTech 2 years ago
There is authorize now
@0xanupam 1 year ago
If they've caused something to happen to account A rather than B, what do I do next?
@InsiderPhD 1 year ago
Not a bug, move on
@MiVidaLoca1024 2 years ago
Just FYI. in the IDOR videos of yours that I've watched, you've never explained what IDOR stands for. Looks like it's Insecure direct object reference. Learned about you from The Cyber Mentor (TCM).
@eonraider 3 years ago
Am I right to think that IDOR is a type of broken access control vulnerability? There's no mention of this in the video.
@InsiderPhD 3 years ago
Yes! It is :)
@rishabhpant1828 3 years ago
Till date, no findings :-((if you remember me from previous videos)
@RomskieL 3 years ago
I'm confused a little bit. Sorry. What if the cookie of user A contains user A's credentials, like the user id encoded in it? So if I change the request of user B's cookie to user A's cookie, it would be just like User A is sending the request, right? So it's not an IDOR if that's the case, right?
@InsiderPhD 3 years ago
Yes, if you can affect User B using User A's cookies or User A with user B's cookies, it's an IDOR
@szorba7417 3 years ago
@@InsiderPhD Madam, what's the difference between CSRF and the IDOR that you are talking about right now? Thanks
@ca7986 3 years ago
❤️
@jhonbash500 3 years ago
Hey Katie, what do you mean by "see if they've caused something to happen to account A" at 16:54?
@InsiderPhD 3 years ago
An IDOR occurs when one user (B) can access something they shouldn't, e.g. something on another user (A)'s account. So to test for that we do something on A's account, then repeat the request changing the cookies from A to B; if that then impacts A's account, it means you could log in as anyone and access anyone's stuff.
@jhonbash500 3 years ago
@@InsiderPhD Gotcha...
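The cookie-swap test Katie describes in the replies above (do something as A, replay with B's cookie, see whether A's account changed) and her reason for the NA verdict (a request sent with B's cookie that only changes B's own account is working as intended) are modelled in the following added example. It is not code from the video, the channel, or any commenter: the session store, the two handlers and the `cookie`/`body` request shape are all constructed here for illustration. The vulnerable handler trusts a `userId` field from the request body; the fixed one derives the target account from the session cookie only.

```javascript
// Added example, not from the video or its comments. Everything below is
// constructed: session store, user accounts, and a minimal request object
// of the form { cookie, body } standing in for a real HTTP request.

// Constructed session store: cookie value -> authenticated user id.
const SESSIONS = new Map([
  ["cookie-A", "userA"],
  ["cookie-B", "userB"],
]);

// Constructed account data; each call returns a fresh copy.
function freshAccounts() {
  return new Map([
    ["userA", { email: "a@example.test" }],
    ["userB", { email: "b@example.test" }],
  ]);
}

// Resolve the acting user from the session cookie.
function currentUser(req) {
  const user = SESSIONS.get(req.cookie);
  if (!user) throw new Error("401: not authenticated");
  return user;
}

// VULNERABLE: the account to modify is taken from the body. Any valid
// session can name any account, which is exactly an IDOR.
function updateEmailVulnerable(accounts, req) {
  currentUser(req); // only proves that *some* session exists
  const target = accounts.get(req.body.userId);
  if (!target) throw new Error("404: no such user");
  target.email = req.body.email;
  return { updated: req.body.userId };
}

// FIXED: the account to modify is the session's own user. A body-supplied
// userId is ignored, so B's cookie can only ever change B's account.
function updateEmailFixed(accounts, req) {
  const me = currentUser(req);
  accounts.get(me).email = req.body.email;
  return { updated: me };
}

// The triage test from the video: (1) perform an action on A's account
// with A's cookie, (2) replay the same request with B's cookie, (3) look
// at which account the replay changed.
//   "IDOR" -> B's session changed A's account (report it)
//   "NA"   -> B's session changed only B's own account (intended behaviour)
function classifyCookieSwap(handler) {
  const accounts = freshAccounts();
  // Step 1: legitimate request as A, the kind you capture in a proxy.
  handler(accounts, {
    cookie: "cookie-A",
    body: { userId: "userA", email: "first@example.test" },
  });
  // Step 2: same request body, A's cookie swapped for B's, new value.
  handler(accounts, {
    cookie: "cookie-B",
    body: { userId: "userA", email: "second@example.test" },
  });
  // Step 3: whose account did the replayed request touch?
  if (accounts.get("userA").email === "second@example.test") return "IDOR";
  if (accounts.get("userB").email === "second@example.test") return "NA";
  return "NONE";
}

console.log("body-controlled userId:", classifyCookieSwap(updateEmailVulnerable)); // IDOR
console.log("session-derived user:  ", classifyCookieSwap(updateEmailFixed));      // NA
```

The two outcomes are the whole distinction the triage teams in this thread are drawing: the same cookie swap is a reportable IDOR when it lands on the other user's account, and an NA when the server correctly scopes the write to whoever the cookie belongs to.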
@abhimanyumishra8185 3 years ago
Hey Katie! Let's say I have found a cookie-based IDOR, but this falls into the category of MITM because you have to steal the cookies first! 🤔 Is this a false positive?
@reymarckessaguirre5082 2 years ago
Check the scope of the program. Did they say anything about MITM?
@salmankhandu3819 3 years ago
Is there any getting-started video for a platform like HackerOne or Bugcrowd? I mean how to set up an account, start on a real target and report issues, things like that. Thank you
@InsiderPhD 3 years ago
I don’t know but I will make that video for you :)
@salmankhandu3819 3 years ago
@@InsiderPhD thank you :)
@salmankhandu3819 3 years ago
@@InsiderPhD When can I expect such a video? I am curious about that :) In the meantime, if you find any reference, kindly share it. Thank you
@mizo7627 3 years ago
@@salmankhandu3819 You can check this; she made it previously: kzfaq.info/get/bejne/d5Z8h9x5mdqznYU.html
@zozkabdulrahman4507 1 year ago
l
@shrirangkahale 3 years ago
2nd @albonycal
@InsiderPhD 3 years ago
Too slow Albony!
@shrirangkahale 3 years ago
@@InsiderPhD :/
@user-gc7nv5ly7f 1 year ago
You messed up all of this.
@samwilliams8940 2 years ago
not the best video