by richbell
934 days ago
It's referred to as an "Insecure Direct Object Reference" (IDOR) vulnerability. In many cases it is not actually a vulnerability; however, when an application contains sensitive information and lacks authorization or rate-limiting, it can be exploited to enumerate the entire database.

https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Dire...

When I first joined $company, HR sent me a SharePoint document with a numerical ID. Incrementing or decrementing the ID allowed me to view personal information of other employees, including their pay.
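An added example, not part of richbell's comment or of any real system, showing the two halves of the point above in Python: a lookup that is authenticated but never ties the requested id to the caller (the IDOR pattern), beside the same lookup with an object-level authorization check, plus the per-user indirect reference map the OWASP cheat sheet recommends so that there is no numeric sequence to walk. Every user, document, role, id and function name below is constructed for illustration.

```python
# Added example (not from the comment above): an IDOR-prone lookup beside its
# authorized form and an OWASP-style indirect reference map.
# All users, documents and roles below are constructed sample data.
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    title: str


class NotFound(Exception):
    """Raised for a missing id and for a denied id alike (no existence leak)."""


# Constructed sample records with sequential ids, as in the comment's anecdote.
DOCUMENTS = {
    1001: Document(1001, "alice", "alice offer letter"),
    1002: Document(1002, "bob", "bob offer letter"),
    1003: Document(1003, "carol", "carol offer letter"),
}

# Constructed role assignments; the "hr" role may read any employee record.
ROLES = {"alice": {"employee"}, "bob": {"employee"}, "carol": {"employee"}, "dana": {"hr"}}


def get_document_vulnerable(requesting_user: str, doc_id: int) -> Document:
    """IDOR: the caller is assumed to be signed in, but the id is never checked
    against who is asking, so any authenticated user can read any record."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc


def is_authorized(user: str, doc: Document) -> bool:
    """Object-level policy: owners read their own record, HR reads all."""
    return doc.owner == user or "hr" in ROLES.get(user, set())


def get_document_fixed(requesting_user: str, doc_id: int) -> Document:
    """Same lookup with an object-level authorization check on every request."""
    doc = DOCUMENTS.get(doc_id)
    # "Exists but not yours" is reported exactly like "does not exist", so the
    # response cannot be used to learn which ids are populated.
    if doc is None or not is_authorized(requesting_user, doc):
        raise NotFound(doc_id)
    return doc


def is_denied(user: str, doc_id: int) -> bool:
    """True when the fixed endpoint refuses the request."""
    try:
        get_document_fixed(user, doc_id)
    except NotFound:
        return True
    return False


# Indirect reference map: the client only ever sees a random per-user handle,
# so there is no sequence to increment even before the authorization check.
_HANDLES: dict[str, dict[str, int]] = {}


def issue_handle(user: str, doc_id: int) -> str:
    """Return an opaque handle for a document the user is allowed to read."""
    get_document_fixed(user, doc_id)  # authorize before exposing any handle
    handle = secrets.token_urlsafe(16)
    _HANDLES.setdefault(user, {})[handle] = doc_id
    return handle


def resolve_handle(user: str, handle: str) -> Document:
    """Map a handle back to the real id, then re-run the authorization check."""
    doc_id = _HANDLES.get(user, {}).get(handle)
    if doc_id is None:
        raise NotFound(handle)
    return get_document_fixed(user, doc_id)


def handle_denied(user: str, handle: str) -> bool:
    """True when a handle cannot be resolved for this user."""
    try:
        resolve_handle(user, handle)
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    print(get_document_vulnerable("bob", 1001).title)  # bob reads alice's record
    print(is_denied("bob", 1001))                       # True once the check exists
    h = issue_handle("alice", 1001)
    print(resolve_handle("alice", h).title)             # alice via her own handle
    print(handle_denied("bob", h))                      # True: handles are per user
```

The indirect map is defence in depth, not a substitute for the check: `resolve_handle` still calls `get_document_fixed`, because a handle that was valid when issued may outlive the permission that justified it. Returning the same "not found" result for both a missing and a forbidden id is what keeps a rate-limit-free endpoint from doubling as an id oracle.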