Historically, system developers assigned auto-incrementing integer identifiers to database rows. This made IDORs trivial to exploit: just one vulnerability could allow exfiltration of all objects belonging to any user in the application. The same goes for delete or edit IDORs.
Hey There, I am Amey Anekar - Web and Mobile Application Security Specialist, Bug Bounty Hunter and Author of TechKranti. I love to write and discuss all things Security. Feel free to DM me on Twitter if you would like to have a chat.