Pentesting oData
The Open Data Protocol (OData) is an open web protocol for querying and updating data. OData enables the creation of HTTP-based RESTful2 data services that can be used to publish and edit resources that are identified using uniform resource identifiers (URIs) with simple HTTP messages.
It usually has this syntax:
| http://localhost:32026/OData/OData.svc/$metadata
|
https://infosecwriteups.com/unauthorized-access-to-odata-entities-2k-bounty-from-microsoft-e070b2ef88c2
| The **OData metadata** is a data model of the system(consider it as **information_schema** in relational databases). For each metadata, we have **entities**(similar to **tables** in relational databases) and **properties** (similar to **columns**) as well as the relationship between different entity types. Each entity type has an **entity key** that is similar to the key in relational databases.
|