mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-24 05:15:25 +00:00
Update IDOR.md
This commit is contained in:
parent
233ec1f5b7
commit
4f675956d8
4
IDOR.md
4
IDOR.md
@ -1,5 +1,9 @@
|
|||||||
## IDOR (Insecure Direct Object Reference)
|
## IDOR (Insecure Direct Object Reference)
|
||||||
|
|
||||||
|
Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation, but they can also arise in relation to vertical privilege escalation.
|
||||||
|
|
||||||
|
Source: [portswigger.net](https://portswigger.net/web-security/access-control/idor)
|
||||||
|
|
||||||
1. Add parameters onto the endpoints for example, if there was
|
1. Add parameters onto the endpoints for example, if there was
|
||||||
```html
|
```html
|
||||||
GET /api/v1/getuser
|
GET /api/v1/getuser
|
||||||
|
Loading…
Reference in New Issue
Block a user