Question

The impact of an IDOR depends on the affected function, so to maximize the severity of your bugs, you should always look for IDORs in critical functionalities first. Both read-based IDORs (which leak information but do not alter the database) and write-based IDORs (which can alter the database in an unauthorized way) can be of high impact.

IDOR 的影响取决于受影响的功能，因此为了最大化漏洞的严重性，您应始终首先寻找关键功能中的 IDOR。基于读取的 IDOR（泄露信息但不更改数据库）和基于写入的 IDOR（可以以未经授权的方式更改数据库）都可能会造成很高的影响。

In terms of the state-changing, write-based IDORs, look for IDORs in password reset, password change, and account recovery features, as these often have the highest business impact. Target these over, say, a feature that changes email subscription settings.

在状态变更、基于写入的 IDOR 方面，寻找密码重置、密码更改和账户恢复等功能中 IDOR，因为这些功能往往具有最大的商业影响。与修改电子邮件订阅设置等功能相比，重点关注这些功能。

As for the non-state-changing (read-based) IDORs, look for functionalities that handle the sensitive information in the application. For example, look for functionalities that handle direct messages, personal information, and private content. Consider which application functionalities make use of this information and look for IDORs accordingly.

对于非状态改变（基于读取的）IDOR，请查找应用程序中处理敏感信息的功能。例如，查找处理直接消息、个人信息和私人内容的功能。考虑哪些应用程序功能使用此信息，并相应地查找 IDOR。

You can also combine IDORs with other vulnerabilities to increase their impact. For example, a write-based IDOR can be combined with self-XSS to form a stored XSS. An IDOR on a password reset endpoint combined with username enumeration can lead to a mass account takeover. Or a write IDOR on an admin account may even lead to RCE! We’ll talk about RCEs in Chapter 18 .

您还可以将 IDOR 与其他漏洞相结合，以增加其影响力。例如，基于写入的 IDOR 可与自我 XSS 结合形成存储的 XSS。在密码重置端点上的 IDOR 与用户名枚举相结合，可以导致大规模的账户接管。或者，对管理员帐户的写入 IDOR 甚至可能导致 RCE！我们将在第 18 章讨论 RCE。