If you've discovered an Insecure Direct Object Reference (IDOR) vulnerability where you can modify data belonging to others, here's a strategic approach to handle it:

1. Understand the Impact: First, assess the severity of the IDOR. If it allows you to modify critical data or perform actions with significant consequences, it's a high-impact vulnerability.

2. Avoid Temptation: Even though you could exploit the IDOR to change data, it's crucial not to do so without authorization. Unauthorized modification of data is a breach of trust and could lead to legal and ethical implications.

3. Proof of Concept (PoC): Create a PoC to demonstrate the IDOR. This could be as simple as changing a user's name or email address to something obvious, like "test@example.com".

4. Check for XSS Vulnerability: Before escalating the IDOR, check if the application is vulnerable to Cross-Site Scripting (XSS). If user input is echoed without proper sanitization and escaping, an IDOR could be escalated to an XSS attack.

5. Escalate to XSS: If an XSS vulnerability is found, exploit it to inject a malicious script. This could allow you to steal cookies, perform actions on behalf of the user, or even take over the user's account (Account Takeover - ATO).

Here's a simple example of how you might escalate an IDOR to an XSS attack:

- IDOR: You can change another user's name to "test".
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious script, like <script>alert('XSS Attack!')</script>.

6. Report the Vulnerabilities: After creating your PoCs, report the IDOR and any XSS vulnerabilities you've found to the appropriate security team. Provide clear steps on how to reproduce the issues.

Here's how you might report it:

- IDOR: "I found that I could change another user's name to any value. Here's how to reproduce it: [steps]..."
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."

CVE-2024-22116: RCE in Zabbix, 9.9 rating 🔥

Lack of escaping for script parameters allows an attacker to execute arbitrary code.

Search at Netlas.io:
👉 Link: https://nt.ls/KoYW4
👉 Dork: http.favicon.hash_sha256:22b06a141c425c92951056805f46691c4cd8e7547ed90b8836a282950d4b4be2

Vendor's advisory: https://support.zabbix.com/browse/ZBX-25016

# Google Dorks Cli
# https://github.com/six2dez/degoogle_hunter
degoogle_hunter.sh company.com

# Google dorks helper
https://dorks.faisalahmed.me/

# Code share sites
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://jsfiddle.net "company"
# GitLab/GitHub/Bitbucket
site:github.com | site:gitlab.com | site:bitbucket.org "company"
# Stackoverflow
site:stackoverflow.com "target.com"
# Project management sites
site:http://trello.com | site:*.atlassian.net "company"
# Pastebin-like sites
site:http://justpaste.it | site:http://pastebin.com "company"
# Config files
site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini
# Database files
site:target.com ext:sql | ext:dbf | ext:mdb
# Backup files
site:target.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
# .git folder
inurl:"/.git" target.com -github
# Exposed documents
site:target.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
# Other files
site:target.com intitle:index.of | ext:log | ext:php intitle:phpinfo "published by the PHP Group" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:"/phpinfo.php" | inurl:".htaccess" | ext:swf
# SQL errors
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
# PHP errors
site:target.com "PHP Parse error" | "PHP Warning" | "PHP Error"
# Login pages
site:target.com inurl:signup | inurl:register | intitle:Signup
# Open redirects
site:target.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
# Apache Struts RCE
site:target.com ext:action | ext:struts | ext:do
# Search in pastebin
site:pastebin.com target.com
# Linkedin employees
site:linkedin.com employees target.com
# Wordpress files
site:target.com inurl:wp-content | inurl:wp-includes
# Subdomains
site:*.target.com
# Sub-subdomains
site:*.*.target.com
#Find S3 Buckets
site:.s3.amazonaws.com | site:http://storage.googleapis.com | site:http://amazonaws.com "target"
# Traefik
intitle:traefik inurl:8080/dashboard "target"
# Jenkins
intitle:"Dashboard [Jenkins]"