When a Simple Request Change Exposes Sensitive Data: Lessons from an IDOR Vulnerability

With every pentest, I have a nice story to tell. Recently, during an engagement, I discovered a subtle yet critical vulnerability: An Insecure Direct Object Reference (IDOR) that exposed user data. Easy to overlook, but could have serious business co...