Insecure Direct Object Reference (IDOR) is one of the easiest attack vectors to exploit. All an attacker has to do is try other values for a request parameter and see whether changing it lets them read or modify other users' data in the application.
For example, imagine a view that lists the purchase history of the currently authenticated user. When the user clicks the details of one of the listed purchases, the purchase's ID, say 3657435, is sent from the browser to the backend application, and the full details of that single purchase are shown on a separate page.
Here an authenticated user with bad intentions can, instead of sending the purchase ID 3657435, send another predictable ID that belongs to a different user's purchase, say 3657436. If the backend code does not check that the received purchase ID actually belongs to the current user before returning the details, the attacker can now see other users' purchases. Sequential IDs make this enumeration trivial, but the root cause is the missing ownership check; unguessable IDs only make guessing harder and do not replace that check.
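The scenario above, as an added example that is not code from the original article: a minimal purchase-details lookup written two ways, once trusting the client-supplied ID (the IDOR) and once scoping the lookup to the current user. The purchase records, user IDs and function names are constructed for this illustration.

```python
# Added example (not from the original article): an IDOR in a purchase-details
# lookup, beside the ownership check that fixes it. All data here is constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Purchase:
    purchase_id: int
    owner_id: int
    item: str
    total_cents: int


# Constructed sample store: sequential purchase IDs belonging to two users.
# In a real backend this would be a table with an owner/user_id column.
PURCHASES = {
    3657435: Purchase(3657435, owner_id=1001, item="keyboard", total_cents=7999),
    3657436: Purchase(3657436, owner_id=2002, item="monitor", total_cents=24999),
}


class NotFound(Exception):
    """Raised for records that do not exist or are not owned by the caller."""


def get_purchase_vulnerable(purchase_id: int) -> Optional[Purchase]:
    """IDOR: the record is fetched by the client-supplied ID alone.
    Nothing ties the lookup to the authenticated user, so any valid ID works."""
    return PURCHASES.get(purchase_id)


def get_purchase_secure(current_user_id: int, purchase_id: int) -> Purchase:
    """Fixed: the record must both exist and be owned by the current user.
    Equivalent SQL would be
        SELECT ... FROM purchases WHERE id = ? AND owner_id = ?
    with owner_id taken from the session, never from the request."""
    purchase = PURCHASES.get(purchase_id)
    if purchase is None or purchase.owner_id != current_user_id:
        # Same outcome for "does not exist" and "not yours", so the response
        # does not reveal which other IDs are valid.
        raise NotFound("purchase not found")
    return purchase


def simulate_attack(attacker_user_id: int, tampered_id: int) -> dict:
    """The attacker (who owns 3657435) submits a neighbouring ID instead.
    Returns what each handler would hand back; None means nothing leaked."""
    leaked_vulnerable = get_purchase_vulnerable(tampered_id)
    try:
        leaked_secure: Optional[Purchase] = get_purchase_secure(
            attacker_user_id, tampered_id
        )
    except NotFound:
        leaked_secure = None
    return {"vulnerable": leaked_vulnerable, "secure": leaked_secure}


if __name__ == "__main__":
    result = simulate_attack(attacker_user_id=1001, tampered_id=3657436)
    print("vulnerable handler returned:", result["vulnerable"])
    print("secure handler returned:    ", result["secure"])
```

Running the block shows the vulnerable handler returning user 2002's monitor purchase to user 1001, while the secure handler treats the foreign ID exactly like a nonexistent one. The important design choice is that the owner comes from the server-side session and is part of the lookup condition itself, rather than being checked after the fact in a way that could be skipped on some code path.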