Cyber security

LogSnare – Mastering IDOR And Access Control Vulnerabilities Through Hands-On Learnin

LogSnare is an intentionally vulnerable web application, where your goal is to go from a basic gopher user of the LogSnare company, to the prestigious acme-admin of Acme Corporation.

The application, while hosting multiple vulnerabilities, serves as a valuable educational tool.

However, the real lesson to be learned here is how to prevent and catch these attacks leveraging proper validation and logging.

After logging in to the demo application, in the top navbar you’ll see a validation toggle which allows you to toggle security controls in real-time.

Getting Started

The easiest way to get started is with docker.

docker pull seaerkin/log-snare
docker run -p 127.0.0.1:8080:8080 seaerkin/log-snare

You’ll receive a username and password to login, have at it from there!

Catching Attackers With Logging

Insecure Direct Object References (IDORs) fall under the OWASP Top category of “Broken Access Controls”.

These vulnerabilities are some of the most severe as they can allow end-users access to resources they shouldn’t be able to access.

Most people don’t realize, IDOR vulnerabilities are some of the best opportunities for logging.

This is because in most cases, a user will never “accidentally” trigger an IDOR. IDOR vulnerabilities are typically achieved when a user asks for resources outside their allowed interface.

Attackers abuse web applications by asking web servers to return resources the user may not have access too, and this application hopes to serve as an educational resources on how to fix, prevent, and log these types of security events.

Here are some example log outputs from the application when validation is enabled.

{"message":"user is trying to access a company ID that is not theirs","program":"log-snare","version":0.1,"username":"gopher","eventType":"security","securityType":"tamper-certain","eventCategory":"validation","clientIp":"172.17.0.1"}
{"message":"user is trying to enable admin, but they are a basic user","program":"log-snare","version":0.1,"username":"gopher","eventType":"security","securityType":"tamper-certain","eventCategory":"validation","clientIp":"172.17.0.1"}

Checking Application Logs

All logs print to stdout by default, however if you want to view just the application logs containing validation logic, you can do the following:

docker exec -it <container_id> /bin/bash
tail -f logsnare.log
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtoolsLogSnare
2 years ago

Recent Posts

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

9 hours ago

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

20 hours ago

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

21 hours ago

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

21 hours ago

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

21 hours ago

Automatic Updates on Ubuntu: Set Up unattended-upgrades

Keeping your Ubuntu system updated is one of the best ways to protect it. Security…

22 hours ago