Image: Medium, Ozgur Alp
Ozgur Alp published an interesting medium post on Newsworthy about second order insecure object direct reference (IDOR) attacks. These cross site scripting attacks can take place when web application redirects are hijacked and identifiers are injected and used in without being validating.
Source: