BOLA by changing auth token
An attacker can read or modify another user's resources by replaying a request for that user's object with a different authentication token: the server checks that the token is valid but not that the token's owner is allowed to access the requested object.
Broken Object Level Authorization (BOLA)
How this template works
The template uses API selection filters to decide which captured API requests are eligible for the test. Here the filters require that the original response code was in the 2xx range (200 to 299) and that the request payload contains at least one private variable, i.e. a value that is specific to the user who made the request, such as an object identifier.
The execution type is "single", so the template sends one modified copy of each selected request. The single step replaces the original authentication header with a second user's token (in the test, the attacker's), while the rest of the request, including the private variable that identifies the object, is left unchanged. The replayed request therefore asks for the original user's object under a different identity.
The template then validates the replayed response: the response code must again be in the 2xx range, the response payload must be non-empty, and the response body must match the original response body by at least 90%. Passing all three checks means the server returned essentially the same object to a different identity, which is the signature of missing object-level authorization. The 90% threshold tolerates fields that legitimately change between calls, such as timestamps or request identifiers, while a body that differs substantially (for example an error object returned with a 200 status) does not count as a finding.
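The three stages above (select, execute, validate), modelled in Python as an added example; this is not code from the page or from the template's own implementation. It assumes a toy in-memory order-lookup API with a vulnerable and a fixed variant, constructed tokens and records, a key-name heuristic for "private variable", and difflib's sequence similarity as the percentage match, all of which are assumptions made for the illustration.

```python
import difflib
import json
import re

# Constructed sample data (assumptions for this illustration, not captured
# from any real target): a request/response pair recorded from the victim's
# session and a second token belonging to the attacker.
VICTIM_TOKEN = "victim-token-111"
ATTACKER_TOKEN = "attacker-token-222"
TOKEN_TO_USER = {VICTIM_TOKEN: "alice", ATTACKER_TOKEN: "mallory"}
ORDERS = {"ord_8812": {"order_id": "ord_8812", "owner": "alice", "total": 42.5}}

CAPTURED_REQUEST = {
    "method": "POST",
    "path": "/api/orders/lookup",
    "headers": {"Authorization": f"Bearer {VICTIM_TOKEN}"},
    "body": {"order_id": "ord_8812"},
}
CAPTURED_RESPONSE = {"status": 200, "body": json.dumps(ORDERS["ord_8812"])}

# Assumption: a "private variable" is a body field whose key names an object
# identifier. A real scanner learns which values are user-specific from traffic.
PRIVATE_KEY_RE = re.compile(r"(^|_)(id|uuid)$", re.IGNORECASE)


def is_2xx(status):
    return 200 <= status < 300


def select_candidate(request, response):
    """API selection filter: original call succeeded (2xx) and the request
    payload carries at least one private variable."""
    if not is_2xx(response["status"]):
        return False
    body = request.get("body") or {}
    return any(PRIVATE_KEY_RE.search(key) for key in body)


def swap_token(request, token):
    """Execute step (type "single"): one replay of the same request with the
    Authorization header replaced. Everything else, including the object
    identifier in the body, stays as captured."""
    replayed = json.loads(json.dumps(request))  # deep copy; never mutate the capture
    replayed["headers"]["Authorization"] = f"Bearer {token}"
    return replayed


def percentage_match(body_a, body_b):
    """Similarity of two response bodies as a percentage (0-100)."""
    return difflib.SequenceMatcher(None, body_a, body_b).ratio() * 100


def validate(replayed_response, original_response, threshold=90.0):
    """Validation: 2xx, non-empty payload, and at least `threshold` percent
    match with the original body. All three must hold to report BOLA."""
    if not is_2xx(replayed_response["status"]):
        return False
    if len(replayed_response["body"]) == 0:
        return False
    return percentage_match(replayed_response["body"],
                            original_response["body"]) >= threshold


def _lookup_order(request, enforce_owner):
    """Toy in-memory API used as the target. Authenticates the bearer token,
    then (optionally) checks that the caller owns the requested order."""
    auth = request["headers"].get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    user = TOKEN_TO_USER.get(token)
    if user is None:
        return {"status": 401, "body": ""}
    order = ORDERS.get(request["body"].get("order_id"))
    if order is None:
        return {"status": 404, "body": ""}
    if enforce_owner and order["owner"] != user:
        return {"status": 403, "body": json.dumps({"error": "forbidden"})}
    return {"status": 200, "body": json.dumps(order)}


def vulnerable_server(request):
    """Authenticates but never checks ownership: the BOLA case."""
    return _lookup_order(request, enforce_owner=False)


def fixed_server(request):
    """Same endpoint with the object-level authorization check added."""
    return _lookup_order(request, enforce_owner=True)


def run_template(server, request=CAPTURED_REQUEST,
                 original_response=CAPTURED_RESPONSE, attacker_token=ATTACKER_TOKEN):
    """Full template flow: filter, execute, validate. Returns True on a finding."""
    if not select_candidate(request, original_response):
        return False
    replayed_response = server(swap_token(request, attacker_token))
    return validate(replayed_response, original_response)


if __name__ == "__main__":
    print("vulnerable endpoint flagged:", run_template(vulnerable_server))  # True
    print("fixed endpoint flagged:", run_template(fixed_server))            # False
```

The fixed variant still returns a non-empty body, but its 403 fails the status check, so the template reports nothing; a 200 response whose body is an error object would likewise fail on the similarity check rather than on the status code.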
Frequently asked questions
What is Broken Object Level Authorization (BOLA) and how does it relate to this test?
How does the server determine whether the response body matches the original response body?
What is the impact of unauthorized access in the context of BOLA?
Can you provide more information about object level authorization and its role in preventing unauthorized access?
Are there any specific references or resources available to learn more about BOLA and its exploitation techniques?
What are the severity and potential impact of this vulnerability?