Insecure Direct Object Reference (IDOR)

A type of access control vulnerability that occurs when an application uses user-supplied input to access objects directly.

Gain unauthorized access to other users invoices.

Buy tickets for less than the regular price.

Change another users password without permission.

Transfer money from another user's account to your own account without any permission.

View other users address information without any permission.

Change other users' profile information.

Purchase products for free.