Insecure Direct Object Reference (IDOR)
Change HTTP method
Change file extension
Try changing the file extension of the endpoint you are testing.
Convert request body
Convert the request body to an array, or embed a JSON object in it.
Test wildcards
Change the identifier of the request to a wildcard.
Check another version
Many API endpoints expose the version in the request; try changing it to an older one.
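The server-side counterpart to the checks listed above, as an added example that is not part of the original page: a single ownership check that returns the same decision when the method, extension, body shape, identifier or API version is varied. The route shape, the `OWNERS` table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample data: object id -> owning user.
OWNERS = {"101": "alice", "102": "bob"}
ALLOWED_METHODS = {"GET", "PUT", "DELETE"}

# Hypothetical route shape: /api/v<N>/users/<id>[.<ext>]
# The version and the optional extension are parsed but never affect the decision.
ROUTE = re.compile(r"^/api/v\d+/users/([^/]+?)(?:\.[A-Za-z0-9]+)?$")


def canonical_id(raw):
    """Return the id as a plain decimal string, or None for anything else."""
    # Arrays, nested JSON objects, booleans and wildcards (*, %, _) all end up as None.
    if isinstance(raw, bool) or not isinstance(raw, (str, int)):
        return None
    text = str(raw)
    return text if re.fullmatch(r"[0-9]{1,18}", text) else None


def authorize(user, method, path, body=None):
    """Allow the request only if every id it names belongs to `user`."""
    match = ROUTE.match(path)
    if method.upper() not in ALLOWED_METHODS or not match:
        return False
    ids = [canonical_id(match.group(1))]
    if isinstance(body, dict) and "id" in body:
        ids.append(canonical_id(body["id"]))
    # Reject malformed ids and any disagreement between path id and body id.
    if None in ids or len(set(ids)) != 1:
        return False
    # Same ownership lookup for every method, extension and API version.
    return OWNERS.get(ids[0]) == user
```

Running the ownership lookup on the canonical id, after the extension and version have been stripped, is what keeps an older route or an alternate representation from reaching a handler that skips the check.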
Missing Function Level Access Control (MFLAC)
Path Traversal Secondary Context
HTTP Parameter Pollution