Lab 1: Basic User Profile Access

Difficulty: Low

Lab Overview

This lab demonstrates a basic IDOR vulnerability in a user profile system. The application allows users to view any user's profile by simply changing the user_id parameter without proper authorization checks.

Objective: Access other users' profiles by manipulating the user_id parameter to view sensitive information.

Vulnerable PHP Code

// Vulnerable: No authorization check
$user_id = $_GET['user_id'] ?? $_SESSION['user_id'];

// Simulate user database
$users = [
    1 => ['id' => 1, 'username' => 'user1', ...],
    2 => ['id' => 2, 'username' => 'user2', ...],
    3 => ['id' => 3, 'username' => 'admin', ...]
];

// Direct access without checking if user is authorized
if (isset($users[$user_id])) {
    $profile_data = $users[$user_id];
    // Display profile data
}

// Example vulnerable usage:
// ?user_id=1 (own profile - allowed)
// ?user_id=2 (other user's profile - unauthorized access)
// ?user_id=3 (admin profile - unauthorized access)

User Profile Viewer

Profile loaded successfully!

Quick Test URLs:

User Profile: user2

Basic Information

Username: user2

Full Name: Jane Smith

Email: user2@example.com

Phone: +1-555-0124

Address: 456 Oak Ave, City, State

Department: Marketing

Sensitive Information

SSN: 987-65-4321

Salary: $85,000

Vulnerability Details

Type: Insecure Direct Object Reference (IDOR)
Severity: High
Parameter: user_id
Method: GET
Issue: Direct access to user profiles without authorization

Test Payloads

Try these user_id values:

1 - User 1 profile
2 - User 2 profile
3 - Admin profile
999 - Non-existent user

Example URLs:

1.php?user_id=2
1.php?user_id=3

Quick Test URLs

Click these links to test the vulnerability:

Real-World Attack Scenarios

Unauthorized access to user data and personal information
Access to confidential documents and sensitive files
Privilege escalation and admin function access
Data exfiltration and unauthorized data modification
Bypassing access controls and authorization mechanisms
Compliance violations and privacy breaches

Mitigation Strategies

Implement proper authorization checks before accessing resources
Use indirect object references instead of direct database IDs
Implement proper access control lists (ACLs)
Use role-based access control (RBAC)
Implement proper session management
Use whitelist-based validation for allowed resources
Implement proper logging and monitoring