Insecure Direct Object Reference (IDOR)

IDOR vulnerabilities occur when a web application exposes a direct reference to an object, such as a file or a database resource, that the end user can control to obtain access to other similar objects. If any user can access any resource because a solid access control system is missing, the system is considered vulnerable.


The main takeaway is that an IDOR vulnerability exists mainly because access control is missing on the back-end.
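The takeaway above in code, as an added example that is not part of the original page: the same lookup without and with a back-end ownership check, plus a small regression check that flags the missing one. The invoice store, user names and function names are hypothetical, and the data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    body: str


# Constructed sample data: two users, sequential identifiers.
INVOICES = {
    1001: Invoice(1001, "alice", "Alice's invoice"),
    1002: Invoice(1002, "bob", "Bob's invoice"),
}


class Forbidden(Exception):
    """Raised when the requester may not access the object."""


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Invoice:
    # IDOR: the client-supplied id is the only lookup key.
    # Being logged in is treated as sufficient; ownership is never checked.
    return INVOICES[invoice_id]


def get_invoice_checked(session_user: str, invoice_id: int) -> Invoice:
    # Back-end access control: compare the object's owner with the
    # identity taken from the server-side session, not from the request.
    invoice = INVOICES.get(invoice_id)
    # Same error for "missing" and "not yours", so the response does not
    # reveal which identifiers exist.
    if invoice is None or invoice.owner != session_user:
        raise Forbidden("invoice not available")
    return invoice


def audit(handler, session_user, candidate_ids):
    """Regression check: ids the handler serves to a user who does not own them."""
    leaked = []
    for invoice_id in candidate_ids:
        try:
            invoice = handler(session_user, invoice_id)
        except (Forbidden, KeyError):
            continue
        if invoice.owner != session_user:
            leaked.append(invoice_id)
    return leaked
```

Running `audit` against both handlers in a test suite makes the missing check visible: the first handler returns another user's object, the second returns none.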
