ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-19 10:56:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

IDOR [3]

Browse Source 
Add sources of the tips
This commit is contained in:
Muhammad Daffa 2020-09-04 17:46:10 +07:00 committed by GitHub
parent 4f675956d8
commit bced4b21eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
IDOR.md
View File

@ -2,8 +2,6 @@
Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation, but they can also arise in relation to vertical privilege escalation.
Source: [portswigger.net](https://portswigger.net/web-security/access-control/idor)
1. Add parameters onto the endpoints for example, if there was
```html
GET /api/v1/getuser
@ -101,3 +99,5 @@ GET /graphql
GET /graphql.php?query=
[...]
```
Source: [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup!