[IDOR]
IDOR stands for Insecure Direct Object Reference and is an access control vulnerability. It happens when user input received by the server is not checked or validated on the server side.
In this link, https://onlinestore.thm/order/1000/invoice, there is a segment where the user can manipulate the order number.
One technique that was mentioned is to decode and encode the string and determine whether there are any changes in the response.
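An added example (not from the original post) of the server-side check whose absence causes the IDOR described above, with an unchecked invoice handler beside a checked one. The order data, user names and function names are constructed for illustration; the checked handler also accepts a base64-encoded order reference, to show that encoding the identifier does not replace the ownership check.

```python
import base64
import binascii

# Constructed sample data: order id -> owner and invoice text.
ORDERS = {
    1000: {"owner": "alice", "invoice": "Invoice #1000 for alice"},
    1001: {"owner": "bob", "invoice": "Invoice #1001 for bob"},
}


def invoice_unchecked(session_user, order_id):
    """Vulnerable pattern: trusts the id taken from /order/<id>/invoice."""
    order = ORDERS.get(order_id)
    if order is None:
        return 404, None
    return 200, order["invoice"]  # session_user is never consulted


def decode_order_ref(ref):
    """Accept a plain number or a base64-encoded number; None if malformed."""
    if ref.isascii() and ref.isdigit():
        return int(ref)
    try:
        decoded = base64.b64decode(ref, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return int(decoded) if decoded.isdigit() else None


def invoice_checked(session_user, ref):
    """Hardened pattern: ownership is checked server-side on every request."""
    order_id = decode_order_ref(ref)
    order = ORDERS.get(order_id) if order_id is not None else None
    # Same 404 for "missing" and "not yours", so the response does not
    # reveal which order numbers exist.
    if order is None or order["owner"] != session_user:
        return 404, None
    return 200, order["invoice"]
```

The decoded value goes through the same ownership comparison as the plain one, so an encoded reference is only a different spelling of the order number and grants nothing on its own.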