16INSECURE DIRECT OBJECT REFERENCES
An insecure direct object reference (IDOR) vulnerability occurs when an attacker can access or modify a reference to an object, such as a file, database record, account, and so on, that should be inaccessible to them. For example, let’s say the website www.<example>.com has private user profiles that should be accessible only to the profile owner through the URL www.<example>.com/user?id=1. The id parameter would determine which profile you’re viewing. If you can access someone else’s profile by changing the id parameter to 2, that would be an IDOR vulnerability.
Finding Simple IDORs
Some IDOR vulnerabilities ...
Get Real-World Bug Hunting now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.