idor-vulnerability-testing

Solid

This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.

Testing & QA 27,681 stars 2854 forks Updated today MIT

Install

View on GitHub

Quality Score: 96/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# IDOR Vulnerability Testing ## Purpose Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. This skill covers both database object references and static file references, detection techniques using parameter manipulation and enumeration, exploitation via Burp Suite, and remediation strategies for securing applications against unauthorized access. ## Inputs / Prerequisites - **Target Web Application**: URL of application with user-specific resources - **Multiple User Accounts**: At least two test accounts to verify cross-user access - **Burp Suite or Proxy Tool**: Intercepting proxy for request manipulation - **Authorization**: Written permission for security testing - **Understanding of Application Flow**: Knowledge of how objects are referenced (IDs, filenames) ## Outputs / Deliverables - **IDOR Vulnerability Report**: Documentation of discovered access control bypasses - **Proof of Concept**: Evidence of unauthorized data access across user contexts - **Affected Endpoints**: List of vulnerable API endpoints and parameters - **Impact Assessment**: Classification of data exposure severity - **Remediation Recommendations**: Specific fixes for identified vulnerabilities ## Core Workflow ### 1. Understand IDOR Vulnerability Types #### Direct Reference to Database Objects Occurs when applications reference database records via user-controllable parameters: ``` # Original URL (authenti...

Details

Author
davila7
Repository
davila7/claude-code-templates
Created
11 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI

Similar Skills

Semantically similar based on skill content — not just same category

Testing & QA Solid

idor-vulnerability-testing

This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.

4,215 Updated today
zebbern
Testing & QA Listed

idor-vulnerability-testing

This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.

335 Updated today
aiskillstore
Testing & QA Listed

idor-testing

This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or obje...

335 Updated today
aiskillstore
Testing & QA Featured

idor-testing

Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

39,227 Updated today
sickn33
AI & Automation Featured

exploiting-idor-vulnerabilities

Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and URLs.

12,642 Updated today
mukul975