IDOR

Insecure Direct Object References.

An IDOR occurs when a web application lets a user access data or resources that they should not be able to view or modify, simply by manipulating object identifiers (such as numeric IDs, keys, or other unique identifiers) in the URL or request parameters.
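The flaw described above, shown as a lookup that trusts the identifier from the request next to one that enforces object-level authorization, plus a regression check that flags cross-user reads. This is an added example, not code from the original page. The invoice data, handler names and `cross_user_reads` helper are all constructed for illustration.

```python
# Constructed sample data: invoices keyed by a guessable numeric ID.
INVOICES = {
    1001: {"owner": "alice", "total": "120.00"},
    1002: {"owner": "bob", "total": "75.50"},
}


class NotFound(Exception):
    """Raised for both missing objects and objects the caller does not own."""


def get_invoice_vulnerable(session_user, invoice_id):
    # Vulnerable: the ID from the request is used directly and the
    # authenticated user is never compared with the object's owner.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_checked(session_user, invoice_id):
    # Hardened: ownership is verified on every lookup. "Missing" and
    # "not yours" produce the same error so responses do not reveal
    # which IDs exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != session_user:
        raise NotFound(invoice_id)
    return invoice


def cross_user_reads(handler, users):
    # Authorization regression check: call the handler as each user for
    # each object and record every case where another user's object
    # comes back.
    leaks = []
    for user in users:
        for invoice_id in INVOICES:
            try:
                result = handler(user, invoice_id)
            except NotFound:
                continue
            if result["owner"] != user:
                leaks.append((user, invoice_id))
    return leaks


if __name__ == "__main__":
    print("vulnerable:", cross_user_reads(get_invoice_vulnerable, ["alice", "bob"]))
    print("checked:   ", cross_user_reads(get_invoice_checked, ["alice", "bob"]))
```

A check like `cross_user_reads` belongs in the test suite of every endpoint that takes an object identifier, so a missing ownership comparison fails the build.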

Steps:

  • Check parameters

  • Check JavaScript

  • Check API calls
