Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly.
1) Log in to your account at demo.usememos.com
2) Turn on your Burp Suite proxy
3) Go to the resources endpoint, delete a resource and capture the request
4) Send this request to Repeater and drop the current request
5) Change the Resource ID to the victim's Resource ID and forward the request
6) You will see that the victim's memo has been archived
POC video: https://drive.google.com/file/d/1KYrmd96u0G1pLDESopvvtLXP3w6Jjsr3/view?usp=sharing
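
The steps above work when the server deletes whatever resource ID the client sends without comparing its owner to the session user. The Go sketch below is an added example, not code from this report or from the memos project. It puts that pattern beside a handler-level ownership check; `Store`, `Resource`, `CreatorID` and the function names are hypothetical, and the sample data is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Resource is a stored object with an owner (hypothetical model, not the memos schema).
type Resource struct {
	ID        int
	CreatorID int
}

// Store is an in-memory stand-in for the database.
type Store struct{ resources map[int]Resource }

// ErrNotFound is returned for both missing and foreign resources.
var ErrNotFound = errors.New("resource not found")

// DeleteResourceInsecure trusts the client-supplied ID: the session user is
// never compared with the owner, so any logged-in user can delete any resource.
func (s *Store) DeleteResourceInsecure(sessionUserID, resourceID int) error {
	if _, ok := s.resources[resourceID]; !ok {
		return ErrNotFound
	}
	delete(s.resources, resourceID)
	return nil
}

// DeleteResource deletes only when the resource belongs to the session user.
// Missing and foreign IDs return the same error, so the response does not
// reveal which IDs exist.
func (s *Store) DeleteResource(sessionUserID, resourceID int) error {
	r, ok := s.resources[resourceID]
	if !ok || r.CreatorID != sessionUserID {
		return ErrNotFound
	}
	delete(s.resources, resourceID)
	return nil
}

// NewSampleStore returns constructed data: user 1 owns resource 10, user 2 owns resource 20.
func NewSampleStore() *Store {
	return &Store{resources: map[int]Resource{10: {10, 1}, 20: {20, 2}}}
}

func main() {
	fmt.Println("insecure, user 1 deletes 20:", NewSampleStore().DeleteResourceInsecure(1, 20))
	fmt.Println("checked, user 1 deletes 20:", NewSampleStore().DeleteResource(1, 20))
	fmt.Println("checked, user 1 deletes 10:", NewSampleStore().DeleteResource(1, 10))
}
```

The session user ID must come from the authenticated session on the server, never from a request parameter.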