Mostly Purp / Scripting..
Look for code and Frontend js functions. direkt parameters with ?=
hashes also often valid
look for clientsided js code.
Don’t forget u can combine them and also use in combination with Request Forgery.
Web Exploitation
Insecure Direct Object References (IDOR
Notes and commands for Insecure Direct Object References (IDOR.