Recently I saw a vulnerability that was very new to me. I've seen authN and authZ tied to some super random things in the past; ad tracking IDs, the literal username in a header, etc, but this one takes the cake for being weird to spot. It also highlights why the headers and their values need to be interrogated for both requests and responses. Starting the test there was a previous instance of an IDOR related to accessing uploaded files. The original vulnerability was pretty bad as it allowed...
