Insecure Direct Object Reference (IDOR) Attack
An Insecure Direct Object Reference (IDOR) attack happens when a hacker gets access to something they shouldn’t be able to see, like secret information or private files. This can happen when a computer program doesn’t check that the person requesting the information is authorized to see it.
For example, imagine a bank website that lets you see your bank statements. If the website doesn’t check to make sure that you’re only seeing your own statements and not other people’s, a hacker could easily use a tool to change the URL or ID number of the statement they’re seeing and be able to access someone else’s secret financial information.
IDOR attacks can be really dangerous because they give hackers access to sensitive information that they can use to do bad things, like steal someone’s identity or access their bank account. To prevent IDOR attacks, computer programs need to be designed so that they can only access the information that they’re supposed to, and so that they make sure only authorized users can access private information.
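The bank statement example above, written out as an added example that is not from the original page: one lookup that trusts the statement ID from the request, next to one that checks the statement belongs to the logged-in user. The names (Statement, STATEMENTS, get_statement_vulnerable, get_statement_checked, denied_log) and the sample data are assumptions made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:
    statement_id: int
    owner: str
    body: str

# Constructed sample data: two customers with sequential statement IDs.
STATEMENTS = {
    1001: Statement(1001, "alice", "Alice, March: balance 2,410.00"),
    1002: Statement(1002, "bob", "Bob, March: balance 87.15"),
}

class NotFound(Exception):
    """Raised for both missing and unauthorized statements."""

denied_log = []  # (user, statement_id) pairs a defender can review later

def get_statement_vulnerable(session_user: str, statement_id: int) -> str:
    # Flaw: the ID from the request is trusted, and session_user is never
    # compared with the statement's owner.
    stmt = STATEMENTS.get(statement_id)
    if stmt is None:
        raise NotFound(statement_id)
    return stmt.body

def get_statement_checked(session_user: str, statement_id: int) -> str:
    stmt = STATEMENTS.get(statement_id)
    # Ownership is checked on every access. Missing and unauthorized IDs get
    # the same error, so the response does not reveal which IDs exist.
    if stmt is None or stmt.owner != session_user:
        if stmt is not None:
            denied_log.append((session_user, statement_id))
        raise NotFound(statement_id)
    return stmt.body

def demo() -> dict:
    # alice is logged in and the request asks for statement 1002 (bob's).
    results = {"vulnerable": get_statement_vulnerable("alice", 1002)}
    try:
        get_statement_checked("alice", 1002)
        results["checked"] = "leaked"
    except NotFound:
        results["checked"] = "denied"
    results["own"] = get_statement_checked("alice", 1001)
    return results

if __name__ == "__main__":
    print(demo())
```

The denied_log entries show which logged-in user asked for a statement they do not own, which is the kind of record worth alerting on when it repeats.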