Insecure Direct Object References allow attackers to bypass
authorization and access resources directly by modifying the value of
a parameter that points directly to an object. Such resources can be
database entries belonging to other users, files on the system and
more. This happens because the application takes user-supplied input
and uses it to retrieve an object without performing sufficient
authorization checks.
The application uses unverified data in a SQL call that accesses
account information.
This allows an authorized user to obtain the information of other
users, and it can occur in any type of web application.
Basically, it allows requests to be made to specific objects through
pages or services without proper verification of the requesting
user's right to the content.
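
The account lookup described above, shown first without and then with an ownership check. This is an added example, not code from the original page; the accounts table, its columns, the sample rows and the function names are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [(1001, "alice", 250), (1002, "bob", 9000)],  # constructed sample rows
    )
    return conn


def get_account_insecure(conn, requested_id):
    """Insecure direct object reference: the row is selected only by the
    client-supplied id. The query is parameterized, so it is not injectable,
    but nothing ties the row to the logged-in user."""
    return conn.execute(
        "SELECT id, owner, balance FROM accounts WHERE id = ?",
        (requested_id,),
    ).fetchone()


def get_account_checked(conn, session_user, requested_id):
    """Same lookup with the authorization check in the query itself:
    session_user comes from the server-side session, never from the request."""
    row = conn.execute(
        "SELECT id, owner, balance FROM accounts WHERE id = ? AND owner = ?",
        (requested_id, session_user),
    ).fetchone()
    if row is None:
        # Same answer for "does not exist" and "not yours", so the
        # response does not reveal which ids are valid.
        raise PermissionError("account not found")
    return row


if __name__ == "__main__":
    db = make_db()
    # alice is logged in but asks for bob's account id
    print("insecure:", get_account_insecure(db, 1002))
    try:
        get_account_checked(db, "alice", 1002)
    except PermissionError as exc:
        print("checked: ", exc)
```
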