16INSECURE DIRECT OBJECT REFERENCES
An insecure direct object reference (IDOR) vulnerability occurs when an attacker can access or modify a reference to an object, such as a file, database record, account, and so on, that should be inaccessible to them. For example, let’s say the website www.<example>.com has private user profiles that should be accessible only to the profile owner through the URL www.<example>.com/user?id=1. The id parameter would determine which profile you’re viewing. If you can access someone else’s profile by changing the id parameter to 2, that would be an IDOR vulnerability.
Finding Simple IDORs
Some IDOR vulnerabilities ...