Advanced IDORs - 9 Techniques by Intigriti:
1. Exploiting Basic IDORs
How to: Modify a predictable numeric ID in the request URL or parameters.
Example: GET /user/email?userId=1002 (change userId to another value).
2. Exploiting IDORs via Parameter Pollution
How to: Inject