Summary

  • Adithya M S is a beginner-level web hacker keen to discover how manipulating parameters in website endpoints can impact security.
  • His latest experiment entails exploiting a file-based Insecure Direct Object Reference (IDOR) on the NIELIT website.
  • NIELIT is an Indian institute that specialises in creating human resources for Information, Electronics and Communications Technologies.
  • Enrolment for courses includes uploading a photo, signature and other documents, all of which are easily accessible once the hacker knows the candidate number of any student.
  • This type of IDOR is common because web servers often refer to resources such as files or other records in an insecure way.
  • While it offers clarity on how such vulnerabilities can be exploited, it’s important to remember that these experiments should only be conducted on dupicately accessible resources by authorised individuals.
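
The pattern described above, shown from the defender's side as an added example (not code from the original article or from the NIELIT site): a document lookup that trusts a client-supplied candidate number, next to one that checks the record against the authenticated session. The data, function names and in-memory session store are all constructed for illustration.

```python
import secrets

# Constructed sample data: uploaded documents keyed by candidate number.
DOCUMENTS = {
    "1001": {"photo": b"photo-of-1001", "signature": b"sig-of-1001"},
    "1002": {"photo": b"photo-of-1002", "signature": b"sig-of-1002"},
}

# Constructed session store: opaque token -> candidate number of the logged-in user.
SESSIONS = {}


def login(candidate_no):
    """Hypothetical helper: issue an unguessable token bound to one candidate."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = candidate_no
    return token


def get_document_insecure(candidate_no, kind):
    """Vulnerable pattern: the identifier in the request alone selects the file."""
    return DOCUMENTS[candidate_no][kind]


def get_document_checked(session_token, candidate_no, kind):
    """Hardened pattern: the requested record must belong to the session's owner."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise PermissionError("not authenticated")
    # Authorise before touching storage, so the error does not reveal
    # whether another candidate's record exists.
    if owner != candidate_no:
        raise PermissionError("not authorised for this record")
    record = DOCUMENTS.get(owner, {})
    if kind not in record:
        raise FileNotFoundError(kind)
    return record[kind]
```

The fix is the ownership check on every object access; making identifiers harder to guess reduces exposure but does not replace it.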

By Adithya M S
