Insecure Function Calls
Once certain sensitive information has been gathered through an IDOR attack (see here), we can use that data to try to update, delete or create information structures through IDOR insecure function calls.
That is, any information disclosure we achieve through an IDOR usually comes from a GET request, either to the web application or to an API.
However, if we want to carry out any creation, deletion or modification, we should bear in mind that this can be done through the following HTTP verbs:
- POST → Creation
- PUT → Modification ( Updates )
- DELETE → Deletion
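
The following is an added example, not code from the original page: a handler that only authenticates the caller and then acts on the client-supplied id, beside one that authorizes every verb in the list above against the session's own user. The store, tokens, roles and function names are all hypothetical.

```python
# Constructed sample data; every name below is hypothetical.
SESSIONS = {"tok-alice": 1, "tok-bob": 2}  # session token -> user id

def fresh_store():
    return {1: {"name": "alice", "role": "employee"},
            2: {"name": "bob", "role": "employee"}}

def apply_call(method, uid, body, store):
    """Perform the requested function call on the object `uid`."""
    if method == "GET":
        return 200 if uid in store else 404
    if method == "POST":
        if uid in store:
            return 409
        store[uid] = dict(body or {})
        return 201
    if method == "PUT":
        if uid not in store:
            return 404
        store[uid].update(body or {})
        return 200
    if method == "DELETE":
        return 204 if store.pop(uid, None) is not None else 404
    return 405

def handle_vulnerable(method, token, uid, body, store):
    """Authenticates the caller, then trusts the uid sent by the client."""
    if token not in SESSIONS:
        return 401
    return apply_call(method, uid, body, store)

def handle_hardened(method, token, uid, body, store):
    """Authorizes every verb against the session's own user id."""
    caller = SESSIONS.get(token)
    if caller is None:
        return 401
    is_admin = store.get(caller, {}).get("role") == "admin"
    if method == "POST" and not is_admin:
        return 403  # creation is admin-only in this sketch
    if uid != caller and not is_admin:
        return 403  # the object does not belong to the caller
    if body and "role" in body and not is_admin:
        return 403  # role changes are admin-only, even on one's own object
    return apply_call(method, uid, body, store)

if __name__ == "__main__":
    for handler in (handle_vulnerable, handle_hardened):
        s = fresh_store()
        print(handler.__name__, handler("DELETE", "tok-alice", 2, None, s), 2 in s)
```

The role used for the decision is read from server-side state keyed by the session, never from anything the client sends.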