mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00

Files

T

copilot-swe-agent[bot] ba72efbc5e Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:01:04 +00:00

696 B

Raw Permalink Blame History

IDOR (Insecure Direct Object References)

Description

Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. As a result, attackers can bypass authorization and access resources directly by modifying the value of a parameter used to point to an object.

Common Attack Vectors

URL parameters (IDs, usernames)
API endpoints
File references
Database keys
Session tokens

Testing Approach

Manipulate object references (IDs, filenames, keys) to access unauthorized resources belonging to other users.

Payloads

See idor-payloads.txt for a comprehensive list of IDOR testing techniques and payloads.

696 B Raw Permalink Blame History