The application is vulnerable to an insecure direct object reference. The application makes a reference to an internal object such as a file or database key, which is exposed to users without proper access control. An attacker can manipulate the object reference in order to bypass access controls and obtain access to unauthorized resources.
An attacker can manipulate the reference values for an object to bypass authorization rules in order to access sensitive data. In many cases, an attacker can iterate through reference values to access all the data associated with the object.
How To Test
Sample Report Screenshots
Time Saving Tips