# Insecure Direct Object Reference (IDOR)

* [Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exists yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)](https://twitter.com/jobertabma/status/1222194853066358784)
* Trick that allowed me to find many IDORs..
* [Hackers, minor cool insight that I gained some time ago and found a vulnerability with: when you're looking at an asset that may use a microservices architecture, look for IDOR vulnerabilities using path traversal. E.g. https://example/?id=1/../2. See thread.](https://twitter.com/jobertabma/status/1071091295425191937?s=20)

![https://twitter.com/m4ll0k/status/1290725338285256706?s=20](https://1889062997-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LbWrDBBrbM1WtGeIKRO%2F-MT9udV53L950jBMDHSU%2F-MT9v9_oIDHEbBr--c5R%2Fimage.png?alt=media\&token=73993033-8132-42f5-b1b4-2c358735f451)

{% embed url="<https://twitter.com/ADITYASHENDE17/status/1263863101423783936?s=20>" %}