Web Attacks

Hello, I am going through the web attacks module. In the Mass IDOR Enumeration section I have a question. The entire section is talking about uid and enumerating them.

However when I spawn my target nothing on the target at all has any uid anywhere that I can see…

So my question is am I just missing something here? Or is there something wrong with the target being spawned? I did find an API I can enumerate but I don’t see any flag file anywhere and again there are 0 uids anywhere in the web app.

NVM… I found the UID; it just wasn’t in the URL like the examples showed. Looking more carefully through Burp, the UID is much more obvious.

Would you care to elaborate? I’m having the same problem and get nothing when I run the shell script with pdf or txt.

Did you look at the requests in BURP?

Ahh I see. I mean, obviously I did not do it right but I used the bash script, the intruder, etc and everything else they talked about but nothing. It’s just weird how they do that so much, talk about one thing and then do something COMPLETELY different. Don’t get me wrong, I love it, it’s just weird.


Got it, thank you sir. Somehow, staring at that exact same screen for hours, I still missed it until you said that.

I believe the idea is to make us think outside the box. In real-life pentests you have to do a lot of independent research and outside thinking. I have noticed the pattern in the Academy: they intentionally leave things out to make you look at it from a different angle. I know how that goes, I have spent days on some of these modules. Glad you got it!


Yeah, you are right. I completely agree. Well, they sure do a good job then! Thanks for your help!

Anytime. I sure need the help often enough in here!


You can try random uids:
curl -s -X POST http://ip:port/documents.php -d uid=1-20
You will find flag???.txt.
After that, try wget on the file and cat it;
you will find the flag.
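For the uid enumeration pattern described in the post above, here is an added detection example from the defender's side (not from the course material or this thread): it assumes a constructed application log format and flags any client that requests many distinct uid values on documents.php within a short window.

```python
"""Flag clients that enumerate many distinct uid values against documents.php.
Added example, not course material; log format and threshold are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: timestamp, client IP, method, path, form body, status.
# 10.0.0.5 walks uid=1..5 in seconds; 10.0.0.9 only re-opens its own document.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 10.0.0.5 POST /documents.php uid=1 200
2024-05-01T10:00:01Z 10.0.0.5 POST /documents.php uid=2 200
2024-05-01T10:00:01Z 10.0.0.5 POST /documents.php uid=3 404
2024-05-01T10:00:02Z 10.0.0.5 POST /documents.php uid=4 200
2024-05-01T10:00:03Z 10.0.0.5 POST /documents.php uid=5 200
2024-05-01T10:00:05Z 10.0.0.9 POST /documents.php uid=42 200
2024-05-01T10:07:44Z 10.0.0.9 POST /documents.php uid=42 200
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) "
                     r"(?P<body>\S+) (?P<status>\d{3})$")

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    params = dict(kv.split("=", 1) for kv in m["body"].split("&") if "=" in kv)
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "ip": m["ip"], "path": m["path"], "uid": params.get("uid")}

def find_enumerators(lines, window=timedelta(seconds=60), min_distinct=5):
    """Return {ip: sorted uids} for clients hitting >= min_distinct uids in one window."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"] == "/documents.php" and rec["uid"] is not None:
            per_ip[rec["ip"]].append((rec["ts"], rec["uid"]))
    hits = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # drop events older than the window
                start += 1
            distinct = {uid for _, uid in events[start:end + 1]}
            if len(distinct) >= min_distinct:
                hits[ip] = sorted(distinct, key=int)
                break
    return hits
```

A legitimate user re-opening their own document is not flagged, while the 404 for a missing uid still counts toward the enumerating client's distinct total.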

Use burp suite it will give all the info