mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00

Files

T

copilot-swe-agent[bot] ba72efbc5e Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:01:04 +00:00

idor-payloads.txt

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

IDOR (Insecure Direct Object References)

Description

Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. As a result, attackers can bypass authorization and access resources directly by modifying the value of a parameter used to point to an object.

Common Attack Vectors

URL parameters (IDs, usernames)
API endpoints
File references
Database keys
Session tokens

Testing Approach

Manipulate object references (IDs, filenames, keys) to access unauthorized resources belonging to other users.

Payloads

See idor-payloads.txt for a comprehensive list of IDOR testing techniques and payloads.