This lesson demonstrates insecure direct object references (IDOR) with files and file names, and the use of tokenization to mitigate the resulting security risks. Users select a file to view and the application displays its contents. In this lesson, Burp Suite is used to intercept requests to see whether there is an insecure object reference. If one is found, the request is sent to Repeater, and Decoder is used to copy the contents and replace the text file in the request with the boot.ini file, which allows us to see the contents of the boot.ini file.
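The following is an added example, not part of the lesson's own material, contrasting a handler that trusts the requested file name with one that uses tokenization. The names `read_by_name`, `FileTokenMap` and `demo`, and the sample files, are assumptions constructed for illustration.

```python
import secrets
import tempfile
from pathlib import Path


def read_by_name(base_dir, requested_name):
    """Insecure pattern: the client-supplied file name is the object reference."""
    return (Path(base_dir) / requested_name).read_text()


class FileTokenMap:
    """Server-side, per-session map from opaque tokens to files this user may view."""

    def __init__(self, base_dir, allowed_names):
        self._base = Path(base_dir)
        # Random tokens reveal nothing about file names and cannot be guessed.
        self._by_token = {secrets.token_urlsafe(16): n for n in allowed_names}

    def listing(self):
        """What the page renders: display name -> token to place in the request."""
        return {name: token for token, name in self._by_token.items()}

    def read(self, token):
        name = self._by_token.get(token)
        if name is None:  # anything not issued to this session is refused
            raise PermissionError("unknown file token")
        return (self._base / name).read_text()


def demo():
    """Constructed sample data: notes.txt is offered to the user, boot.ini is not."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "notes.txt").write_text("public notes")
        Path(d, "boot.ini").write_text("[boot loader] constructed stand-in")
        # With file names as references, a swapped name is served as-is.
        results = {"by_name": read_by_name(d, "boot.ini")}
        session = FileTokenMap(d, ["notes.txt"])
        results["by_token"] = session.read(session.listing()["notes.txt"])
        results["tampered"] = []
        for value in ("boot.ini", secrets.token_urlsafe(16)):
            try:
                session.read(value)
                results["tampered"].append("served")
            except PermissionError:
                results["tampered"].append("refused")
        return results


if __name__ == "__main__":
    print(demo())
```

The token map only narrows what a request can name; the server still has to decide which files go into each session's map.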