Contributions
Definitions of Insecure Direct Object Reference (IDOR)
IDOR can show up in many places: not only in changing IDs in URLs, but also in how uploaded files are stored and accessed. Check the URL of a downloaded file.
E.g. a job application website lets a user upload a CV and download the latest version to check whether it needs updating.
Copy the URL of the downloaded document to a word processor.
Log in with another user's ID and password.
Paste the copied URL into the address field and press return.
If the document is shown, then other users can access personal data.
A more advanced trick is to change the name of the previously uploaded file in the URL, e.g. replace CV_John_Smith.pdf with CV_Peter_Jones.pdf.
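As an added illustration of the check the steps above are probing for (not part of the glossary entry), the Python below contrasts a download handler that looks a file up by its user-supplied name with one that uses an unguessable token and verifies ownership on every request; the users, file names and contents are constructed.

```python
# Added example, not from the glossary entry: a minimal in-memory upload/download
# store showing why a download must be authorized against the requesting user and
# not merely keyed by a guessable file name. All names and data are constructed.
import secrets
from dataclasses import dataclass


@dataclass
class StoredFile:
    owner: str        # user who uploaded the file
    filename: str     # user-supplied name, e.g. "CV_John_Smith.pdf"
    content: bytes


class FileStore:
    def __init__(self):
        self._by_name = {}   # vulnerable lookup key: the original file name
        self._by_token = {}  # hardened lookup key: a random, unguessable token

    def upload(self, user, filename, content):
        rec = StoredFile(user, filename, content)
        token = secrets.token_urlsafe(16)   # 128 bits of randomness
        self._by_name[filename] = rec
        self._by_token[token] = rec
        return token

    def download_vulnerable(self, user, filename):
        """IDOR: the requesting user is ignored, so anyone who knows or guesses
        the file name (CV_Peter_Jones.pdf, ...) receives the document."""
        rec = self._by_name.get(filename)
        return rec.content if rec else None

    def download_hardened(self, user, token):
        """Look up by unguessable token, then enforce ownership on every request.
        'Not found' and 'not yours' are answered identically so the response
        does not reveal whether another user's file exists."""
        rec = self._by_token.get(token)
        if rec is None or rec.owner != user:
            return None
        return rec.content
```

The ownership check, not the random token, is what closes the hole; the token only stops enumeration of file names.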