Insecure Direct Object References (IDOR) are a type of security flaw that happens when an application uses user input to directly access objects, such as files or database records, without proper authorization checks. The term IDOR became well-known from its mention in the OWASP 2021 Top Ten security risks. Although IDOR is just one type of access control mistake, it can lead to unauthorized access to data. IDOR vulnerabilities usually allow users to access data meant for other users (horizontal privilege escalation) but can also permit access to higher-level data or functions (vertical privilege escalation).
Today, let's learn about Insecure Direct Object Reference (IDOR) vulnerabilities, including common types, security risks, and preventive measures.
Details: Insecure Direct Object Reference (IDOR)
If you also have security research want to share with us, you are welcome to submit it! Submission entrance of Security Blogs
Top comments (0)