https://giuseppedandrea.it/tags/insecure-direct-object-reference/ Recent content in Insecure Direct Object Reference on Giuseppe D'Andrea Hugo en Sat, 03 Jan 2026 00:00:00 +0000 https://giuseppedandrea.it/posts/intigriti-challenge-santacloud/ Sat, 03 Jan 2026 00:00:00 +0000 https://giuseppedandrea.it/posts/intigriti-challenge-santacloud/ <h2 id="introduction"> Introduction <a class="heading-link" href="#introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>Hi folks! This write-up documents my solution to <a href="https://santacloud.intigriti.io/" class="external-link" target="_blank" rel="noopener">Intigriti&rsquo;s SantaCloud Challenge</a> created by <a href="https://x.com/intigriti" class="external-link" target="_blank" rel="noopener">Intigriti</a>. The goal was to compromise and retrieve a hidden flag from the &ldquo;SantaCloud&rdquo; portal, a supply chain management system to access inventory management, track distribution, and coordinate logistics.</p> <p>The challenge was relatively straightforward and didn&rsquo;t require sophisticated exploitation techniques. Instead, it rewarded thorough but standard reconnaissance. Despite its simplicity, it was a fun and satisfying solve.</p>