Insecure Direct Object Reference


The application is vulnerable to an insecure direct object reference (IDOR). It exposes a direct reference to an internal object, such as a file path or a database key, in a request parameter, URL path, or form field, and resolves that reference without checking that the authenticated user is authorized for the object it names. By changing the reference value, an attacker bypasses the intended access controls and reads or modifies resources that belong to other users.

Impact

An attacker can substitute a different reference value to bypass authorization rules and access sensitive data belonging to other users. Where the references are predictable (sequential integers, for example), the attacker can iterate through the value space and retrieve every record of that object type rather than a single one, which turns an authorization bug into a bulk data exposure.
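The following is an added illustration, not code from the original page or from the application the finding describes. It shows the handler shape behind an IDOR beside its fixed form, and the enumeration loop an attacker uses to walk predictable identifiers. The in-memory invoice store, the usernames and the invoice ids are constructed for the example.

```python
"""
Insecure direct object reference (IDOR) on an in-memory resource store.

Added illustration; the data, users and the 'invoice' resource are
constructed for this example and do not come from the original page.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str          # username the invoice belongs to
    amount_cents: int


# Constructed sample data: three users, invoices with sequential ids.
INVOICES = {
    1001: Invoice(1001, "alice", 12_000),
    1002: Invoice(1002, "bob", 4_500),
    1003: Invoice(1003, "carol", 99_900),
    1004: Invoice(1004, "alice", 700),
}


class Forbidden(Exception):
    """Raised when the authenticated user may not access the object."""


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Optional[Invoice]:
    """GET /invoices/<id> as the vulnerable application writes it.

    The user is authenticated (session_user is trusted), but the
    client-supplied id is resolved straight against the store with no
    ownership check, so any logged-in user can read any invoice.
    """
    return INVOICES.get(invoice_id)


def get_invoice_fixed(session_user: str, invoice_id: int) -> Invoice:
    """Same endpoint with the authorization check in place.

    The lookup is scoped to the caller. An invoice that exists but belongs
    to someone else is treated exactly like one that does not exist, so the
    error response does not confirm which ids are valid.
    """
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != session_user:
        raise Forbidden(f"{session_user} may not access invoice {invoice_id}")
    return inv


def enumerate_invoices(handler: Callable[[str, int], Optional[Invoice]],
                       session_user: str, start: int, stop: int) -> List[int]:
    """Walk a contiguous id range the way an attacker would.

    Returns the ids the handler served to session_user. Against the
    vulnerable handler that is every invoice in the range; against the
    fixed handler it is only the caller's own.
    """
    found = []
    for invoice_id in range(start, stop + 1):
        try:
            inv = handler(session_user, invoice_id)
        except Forbidden:
            continue
        if inv is not None:
            found.append(invoice_id)
    return found


if __name__ == "__main__":
    # bob is a legitimate user who owns a single invoice.
    print("vulnerable:", enumerate_invoices(get_invoice_vulnerable, "bob", 1000, 1010))
    print("fixed:     ", enumerate_invoices(get_invoice_fixed, "bob", 1000, 1010))
```

The fix is an authorization check on every object resolution, scoped to the authenticated principal, rather than an attempt to hide or obfuscate the identifier; random identifiers only slow enumeration and do not remove the missing check.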

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
