What is IDOR Vulnerability, and how does it affect you?
IDOR stands for insecure direct object reference
What exactly is IDOR?
The insecure direct object reference is abbreviated as IDOR.
An IDOR flaw allows an attacker to gain unauthorized access to resources or perform actions on a web application.
This is accomplished by altering the request parameters supplied to the server while retrieving objects (such as documents, files, and data).
This is possible when the server performs no server-side authorization check: it completes the request without verifying that the object being requested actually belongs to the user requesting it.
How Does It Appear?
You’ll want to keep an eye out for IDs when looking for IDOR vulnerabilities.
Let’s pretend you’ve signed up for an online service and your profile URL looks something like this: http://example.com/profile?user_id=200.
You can test it for an IDOR vulnerability by changing the value of user_id from 200 to 201, as in http://example.com/profile?user_id=201. If the server returns another user’s profile, the endpoint is vulnerable.
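To make the server-side gap concrete, here is an added example (written for this article, not code from the original post or from any real service) that simulates the profile endpoint in plain Python: one handler with the IDOR flaw described above, and two hardened variants. The user records, session tokens and handler names are constructed for illustration.

```python
"""Added example: a simulated GET /profile?user_id=<n> handler, first with
the IDOR flaw and then with a server-side ownership check.  All data below
is constructed for illustration."""

from dataclasses import dataclass
from typing import Optional

# Constructed sample data: profile store keyed by user_id.
PROFILES = {
    200: {"user_id": 200, "name": "alice", "email": "alice@example.com"},
    201: {"user_id": 201, "name": "bob", "email": "bob@example.com"},
}

# Constructed session table: session token -> authenticated user_id.
# In a real app this comes from the server's session store, never from
# anything the client supplies in the request.
SESSIONS = {"sess-alice": 200, "sess-bob": 201}


@dataclass
class Response:
    status: int
    body: Optional[dict]


def profile_insecure(session_token: str, user_id: int) -> Response:
    """Vulnerable handler.

    It authenticates the caller (valid session) but then fetches whatever
    object the request names, without checking that the object belongs to
    the caller.  Any logged-in user can read any profile by changing the id.
    """
    if session_token not in SESSIONS:
        return Response(401, None)
    profile = PROFILES.get(user_id)
    if profile is None:
        return Response(404, None)
    return Response(200, profile)


def profile_secure(session_token: str, user_id: int) -> Response:
    """Hardened handler: the requested object must belong to the caller.

    The caller's identity is taken from the session on the server side and
    compared with the requested id before any lookup happens, so a mismatch
    is refused with 403 and does not even reveal whether the id exists.
    """
    caller = SESSIONS.get(session_token)
    if caller is None:
        return Response(401, None)
    if user_id != caller:
        return Response(403, None)
    profile = PROFILES.get(user_id)
    if profile is None:
        return Response(404, None)
    return Response(200, profile)


def profile_secure_by_session(session_token: str) -> Response:
    """Alternative fix: do not accept the object id from the client at all.

    A plain GET /profile resolves the profile from the session, so there is
    no parameter left to tamper with.
    """
    caller = SESSIONS.get(session_token)
    if caller is None:
        return Response(401, None)
    return Response(200, PROFILES[caller])


if __name__ == "__main__":
    # Alice (session for user 200) requests user 201's profile.
    print(profile_insecure("sess-alice", 201))   # leaks bob's profile
    print(profile_secure("sess-alice", 201))     # 403, refused
    print(profile_secure("sess-alice", 200))     # alice's own profile
    print(profile_secure_by_session("sess-bob"))  # bob's profile, no id needed
```

The important design choice is in `profile_secure`: the ownership comparison uses the identity stored in the server's session, not anything the client sent, and it runs before the database lookup, so a wrong id is refused the same way whether or not that id exists. Where the application does not need to let a user name the object at all, the `profile_secure_by_session` shape removes the parameter entirely, which is the simplest way to make this class of bug impossible for that endpoint.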