Authorisation-Based Vulnerabilities
Parameter Pollution
HTTP parameter pollution (HPP) can be introduced if multiple HTTP parameters have the same name, which could cause the application to interpret values incorrectly. HPP can be used to bypass input validation, trigger application errors, or modify internal variable values.
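The following is an added example, not code from the original page. It shows how two components that resolve a repeated parameter differently (first occurrence versus last) end up validating one value and using another, and a strict parser that rejects repeated names. The function names and the sample query string are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample query string: the same parameter name appears twice.
SAMPLE_QUERY = "account=1001&amount=50&account=2002"

def first_value(query, name):
    """Resolve duplicates like a component that keeps the first occurrence."""
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == name:
            return value
    return None

def last_value(query, name):
    """Resolve duplicates like a component that keeps the last occurrence."""
    result = None
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == name:
            result = value
    return result

def duplicated_names(query):
    """Return the sorted parameter names that occur more than once."""
    seen, dupes = set(), set()
    for key, _ in parse_qsl(query, keep_blank_values=True):
        (dupes if key in seen else seen).add(key)
    return sorted(dupes)

def parse_strict(query):
    """Parse into a dict, rejecting any request with a repeated name."""
    dupes = duplicated_names(query)
    if dupes:
        raise ValueError("duplicate parameters: " + ", ".join(dupes))
    return dict(parse_qsl(query, keep_blank_values=True))

if __name__ == "__main__":
    # The validation layer and the business logic disagree on the value.
    print("validated:", first_value(SAMPLE_QUERY, "account"))
    print("used:     ", last_value(SAMPLE_QUERY, "account"))
    try:
        parse_strict(SAMPLE_QUERY)
    except ValueError as exc:
        print("rejected: ", exc)
```

Rejecting repeated names at the edge, or resolving them once and passing the single parsed value to every later component, removes the disagreement between validation and use.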
Insecure Direct Object Reference (IDOR)
IDOR vulnerabilities arise when a web application allows direct access to objects based on user input. They can be exploited by modifying the value of a parameter to point directly to an object. To successfully exploit this, an attacker needs to map out all locations in the application where user input is used to reference objects directly.