ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-19 19:06:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update IDOR.md

Browse Source
This commit is contained in:
Muhammad Daffa 2020-09-04 17:43:52 +07:00 committed by GitHub
parent 233ec1f5b7
commit 4f675956d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
IDOR.md
View File

@ -1,5 +1,9 @@
## IDOR (Insecure Direct Object Reference)
Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation, but they can also arise in relation to vertical privilege escalation.
Source: [portswigger.net](https://portswigger.net/web-security/access-control/idor)
1. Add parameters onto the endpoints for example, if there was
```html
GET /api/v1/getuser