When I was a teenager, our local telephone company introduced a new service: premium phone calls (AKA 1-900 numbers). The fun part was that we discovered a workaround to these charges by dialing the sequential local numbers that these 1-900 numbers would redirect to. If the “support number” for the 1-900 was 555-555, we would dial every number between 555-455 and 555-655 until we hit the jackpot…
Hours were spent dialing these numbers, leading us to make numerous calls for free. This attack is still prevalent today, and it’s called Insecure Direct Object References (IDOR).
This article has been indexed from DZone Security Zone