Pentesting oData
The Open Data Protocol (OData) is an open web protocol for querying and updating data. OData enables the creation of HTTP-based RESTful2 data services that can be used to publish and edit resources that are identified using uniform resource identifiers (URIs) with simple HTTP messages.
The Service Metadata Document
It usually has this syntax:
https://infosecwriteups.com/unauthorized-access-to-odata-entities-2k-bounty-from-microsoft-e070b2ef88c2
The **OData metadata** is a data model of the system(consider it as **information_schema** in relational databases). For each metadata, we have **entities**(similar to **tables** in relational databases) and **properties** (similar to **columns**) as well as the relationship between different entity types. Each entity type has an **entity key** that is similar to the key in relational databases.