
Pentesting OData

The Open Data Protocol (OData) is an open web protocol for querying and updating data. OData enables the creation of HTTP-based RESTful data services that publish and edit resources identified by uniform resource identifiers (URIs), using simple HTTP messages.

The Service Metadata Document

The service metadata document is usually exposed at a URL of this form:

http://localhost:32026/OData/OData.svc/$metadata

https://infosecwriteups.com/unauthorized-access-to-odata-entities-2k-bounty-from-microsoft-e070b2ef88c2

The **OData metadata** is the data model of the system (think of it as the **information_schema** of a relational database). The metadata describes **entities** (similar to **tables** in relational databases) and their **properties** (similar to **columns**), as well as the relationships between different entity types. Each entity type has an **entity key** that is similar to the key in relational databases.
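The mapping described above can be made concrete by parsing a `$metadata` document into an inventory of entity types, keys, properties and exposed entity sets, which is the list to check authorization rules against. This is an added example, not code from the original page; the `Demo` schema and the names `parse_metadata`, `local` and `children` are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

# Constructed sample $metadata document (OData v4 CSDL); not from a real service.
SAMPLE_METADATA = """<edmx:Edmx Version="4.0" xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx">
  <edmx:DataServices>
    <Schema Namespace="Demo" xmlns="http://docs.oasis-open.org/odata/ns/edm">
      <EntityType Name="Product">
        <Key><PropertyRef Name="ID"/></Key>
        <Property Name="ID" Type="Edm.Int32" Nullable="false"/>
        <Property Name="Name" Type="Edm.String"/>
        <NavigationProperty Name="Supplier" Type="Demo.Supplier"/>
      </EntityType>
      <EntityType Name="Supplier">
        <Key><PropertyRef Name="ID"/></Key>
        <Property Name="ID" Type="Edm.Int32" Nullable="false"/>
        <Property Name="TaxNumber" Type="Edm.String"/>
      </EntityType>
      <EntityContainer Name="DemoService"><EntitySet Name="Products" EntityType="Demo.Product"/></EntityContainer>
    </Schema>
  </edmx:DataServices>
</edmx:Edmx>"""


def local(tag):
    """Drop the XML namespace so documents from different OData versions parse alike."""
    return tag.rsplit("}", 1)[-1]


def children(elem, name):
    """Direct child elements of elem whose local tag name equals name."""
    return [c for c in elem if local(c.tag) == name]


def parse_metadata(xml_text):
    """Return {entity type: {"key", "properties", "navigation", "entity_sets"}}."""
    root = ET.fromstring(xml_text)
    model = {}
    for schema in (e for e in root.iter() if local(e.tag) == "Schema"):
        ns = schema.get("Namespace")
        for et in children(schema, "EntityType"):  # entity ~ table
            model[f"{ns}.{et.get('Name')}"] = {
                "key": [r.get("Name") for k in children(et, "Key") for r in children(k, "PropertyRef")],
                "properties": {p.get("Name"): p.get("Type") for p in children(et, "Property")},  # ~ columns
                "navigation": {n.get("Name"): n.get("Type") for n in children(et, "NavigationProperty")},
                "entity_sets": [],
            }
    for es in (e for e in root.iter() if local(e.tag) == "EntitySet"):
        if es.get("EntityType") in model:  # entity sets are the addressable collections
            model[es.get("EntityType")]["entity_sets"].append(es.get("Name"))
    return model
```

In the constructed sample, `Demo.Supplier` has no entity set of its own and appears only as the target of the `Supplier` navigation property on `Demo.Product`, so its access control has to be reviewed along that relationship as well.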
Last update: 2024-01-10
Created: January 10, 2024 22:09:40