Govur University Logo
--> --> --> -->
...

If a website uses a number in its web address to show different user's accounts, what simple change to that number lets you see someone else's account?



The simple change is altering the number in the web address to a different one. This action exploits a common security flaw known as an Insecure Direct Object Reference, or IDOR. An Insecure Direct Object Reference happens when a web application allows a user to directly access a resource, such as a user account or specific data, by modifying an identifi....

Log in to view the answer



Community Answers

Sign in to open profiles and full community answers.

No community answers yet. Be the first to submit one.

Redundant Elements