You nailed it! Good job!

Thank you Mate 😊

How does this work when you don’t have access to a admin account?

Glad you liked it! Enjoy!

Welcome! :)

Glad you liked it! Enjoy!

Maybe you can exprt all in CSV then grep?

Thanks for your question Pedram. We are changing the JWT token here to test if you, as an attacker, can execute the same request on the victim's resources. If it's successful, then you have essentially found a broken access control vulnerability. You don't need the victim's JWT token for that, we are using a second test account to cover as much requests as possible and not affect real victims. For JWT exfiltration, your can use XSS for example. Most of the time, JWT is stored in the Browser's LocalStorage, which is easily accessible using Javascript.

@@thehackerish I made a report in which I was able to replace users A bearer authentication token with users B and I was able to change some information, they responded to me telling me that you haven’t change any other users information, because every user has his own bearer authentication.

@@m7mds461 Bro there is a video of this in insiderPhD channel the most new idor video has your answer in it !

Checkout the video on how to write good reports from the hack for fun and profit playlist.

@@thehackerish ok dear

1. how the quantity is changed in victim's basket? Baaed on the basket id. what happens in background? The backend server receives the request, verifies the JWT token is valid, and takes whatever basket id and changes it. It doesn't validate if the user with the token has permission on the basket. 2. how to intercept victim's https request in burp suite? You don't need any interception. As an attacker, you just change the basket id. I'm changing the JWT in this case to easily test IDOR across many requests rather than change the IDs one by one for each and every request. 3. As a developer who is developing securely, you should always validate if the authenticated user has permissions to access/edit/delete a resource before doing any further actions. I hope this helps! Thanks for your questions!

@@thehackerish thank you so much!! It is a great help . ♥️♥️

If you pay close attention, the vulnerability in the video exists in the basket id from the URL. Changing the JWT is just an easy trick I follow to test the features cross-acount.

@@thehackerish i understand so if this possible when the specific endpoint have id . for the automation we are change only the jwt token ????

@@sushantdhopat Exactly! Because one user will be able to act on the resource of the other.

@@thehackerish ok thanks for Clarification

I did in later videos, thanks for your suggestion. Although the majority likes it, I think it is a good idea to just get rid of it to not disturb the rest like you.