Commit 0b5281d2 authored by Philip Linghammar

Updates insecure-direct-object-reference-idor.md

Auto commit by GitBook Editor
parent 07f26465
+1 −0
@@ -59,6 +59,7 @@
        * [Examples](examplesXSS.md)
      * [Browser Vulnerabilities](browser_vulnerabilities.md)
      * [Java Applet](java_applet.md)
      * [Insecure Direct Object Reference \(IDOR\)](insecure-direct-object-reference-idor.md)
  * [Automated Vulnerability Scanners](automated_vulnerability_scanners.md)
* [Exploiting](exploiting.md)
  * [Social Engineering - Phishing](social_engineering_-_phishing.md)
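Review bot: the new `Insecure Direct Object Reference \(IDOR\)` entry is indented to the same level as `Browser Vulnerabilities` and `Java Applet`, which are client-side topics, while IDOR is a server-side authorization flaw; consider placing it beside the other server-side access-control pages in the table of contents (or under a dedicated "Access Control" heading) so readers find it where they would expect, rather than among browser issues.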
+26 −0
## Insecure Direct Object Reference



The vulnerability arises when the user has direct access to objects from user-supplied data. 



The classic example of this would be something like the follwoing 

```
http://foo.bar/changepassword?user=someuser
```

Imagine that you know anothers username , then you can just change the username and be able to change the password for that user. 



### How to discover

If you have access to the source-code that is an easy way to do it. Check the sections where restricted data is presented. And see if there is any access-control in that code.
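Review bot: the page describes the flaw and how to spot it in source, but never states the fix; after the `changepassword?user=someuser` example, add a sentence that the server must take the identity from the authenticated session rather than from the request parameter and enforce an authorization check on every object access, so the "How to discover" section has a clear condition to test against ("is the object owner checked against the logged-in user?"). Also fix the typo "follwoing" and the spacing in "anothers username ," (should be "another's username,"), and collapse the runs of three blank lines between paragraphs to one.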