
Real-World Bug Hunting by Peter Yaworski


16 INSECURE DIRECT OBJECT REFERENCES

An insecure direct object reference (IDOR) vulnerability occurs when an attacker can access or modify a reference to an object, such as a file, database record, account, and so on, that should be inaccessible to them. For example, let’s say the website www.<example>.com has private user profiles that should be accessible only to the profile owner through the URL www.<example>.com/user?id=1. The id parameter would determine which profile you’re viewing. If you can access someone else’s profile by changing the id parameter to 2, that would be an IDOR vulnerability.
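The profile lookup described above, written out as an added example (this is not code from the book or from any real site): a vulnerable handler that trusts the id parameter next to two hardened forms. The data, the Profile type, the session shape and the function names are all constructed for the demonstration.

```python
# Added example, not from the book: a profile lookup keyed by ?id=, shown in its
# IDOR-vulnerable form and in two fixed forms. All data and names are constructed.

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Profile:
    user_id: int
    email: str  # private field that only the profile owner should be able to read


# Constructed sample data standing in for a database table.
PROFILES = {
    1: Profile(1, "alice@example.invalid"),
    2: Profile(2, "bob@example.invalid"),
}


class Forbidden(Exception):
    """Raised when the authenticated caller is not allowed to see the requested object."""


def get_profile_vulnerable(session_user_id: int, requested_id: int) -> Optional[Profile]:
    """IDOR: the handler looks up whatever id the client supplied and never asks
    who is making the request. User 1 can read user 2's profile by changing ?id=."""
    return PROFILES.get(requested_id)


def get_profile_fixed(session_user_id: int, requested_id: int) -> Optional[Profile]:
    """Fixed: release the object only if the server-side session identity owns it.
    The ownership check runs before the lookup so that a rejected request does not
    reveal whether the id exists (it only ever sees Forbidden)."""
    if requested_id != session_user_id:
        raise Forbidden(f"user {session_user_id} may not read profile {requested_id}")
    return PROFILES.get(requested_id)


def get_own_profile(session_user_id: int) -> Optional[Profile]:
    """Stronger pattern: derive the object reference from the session rather than
    from a request parameter, so there is nothing for the client to tamper with."""
    return PROFILES.get(session_user_id)


if __name__ == "__main__":
    # Alice (session user 1) requests ?id=2.
    print(get_profile_vulnerable(1, 2))  # leaks Bob's email
    try:
        get_profile_fixed(1, 2)
    except Forbidden as e:
        print("blocked:", e)
    print(get_own_profile(1))  # Alice only ever sees her own profile
```

The fixed version compares the requested id against the identity the server established at login, never against anything the client sent; the third form removes the parameter entirely, which is the usual remedy when a resource is always tied to the current user.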

Finding Simple IDORs

Some IDOR vulnerabilities ...
