[Web Exploitation] IDOR (Insecure Direct Object Reference) Vulnerability -

<aside> 💡 An access control vulnerability is when an attacker can gain access to information or actions not intended for them.

</aside>

<aside> 💡 Works when server receives user-supplied input to retrieve objects (files, data, documents), and too much trust has been placed on that input data, and the web application does not validate whether the user should, in fact, have access to the requested object.

</aside>

User Supplied data can be passed through these :-

• Query Component (in URL, while making requests)
• Post Variables (Examining HTML contents of forms in websites can reveal fields vulnerable to IDOR)
• Cookies (information could be stored in the cookie itself and changing the cookie might lead to IDOR)

Questions are pretty simple if understood what IDOR is.