mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 19:36:33 +00:00
Restructure repository: Remove OWASP categorization, organize by vulnerability type
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
@@ -0,0 +1,17 @@
|
||||
# IDOR (Insecure Direct Object References)
|
||||
|
||||
## Description
|
||||
Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. As a result, attackers can bypass authorization and access resources directly by modifying the value of a parameter used to point to an object.
|
||||
|
||||
## Common Attack Vectors
|
||||
- URL parameters (IDs, usernames)
|
||||
- API endpoints
|
||||
- File references
|
||||
- Database keys
|
||||
- Session tokens
|
||||
|
||||
## Testing Approach
|
||||
Manipulate object references (IDs, filenames, keys) to access unauthorized resources belonging to other users.
|
||||
|
||||
## Payloads
|
||||
See `idor-payloads.txt` for a comprehensive list of IDOR testing techniques and payloads.
|
||||
Reference in New Issue
Block a user