What is an IDOR vulnerability?

Insecure Direct Object Reference (IDOR) is a type of access control vulnerability where an application uses user-supplied input to access objects directly, allowing attackers to bypass authorization and access data belonging to other users.

How does this skill assist with Burp Suite?

The skill provides specific methodologies for using Burp Suite's Proxy and Intruder tools, including configuration for Sniper and Battering Ram attacks to automate the enumeration of IDs.

Can this skill help fix security vulnerabilities?

Yes, it includes detailed remediation guidance such as implementing object-level access control checks and using indirect references to hide internal database IDs.

Does it support testing for UUIDs or GUIDs?

Yes, it covers techniques for discovering leaked UUIDs and testing for predictable patterns in non-sequential identifiers.

IDOR Vulnerability Testing

Name: IDOR Vulnerability Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

セキュリティとテスト

Conducts systematic identification, exploitation, and remediation of Insecure Direct Object Reference (IDOR) vulnerabilities in web applications and APIs.

This skill provides a comprehensive framework for security professionals and developers to detect and mitigate broken access control vulnerabilities. It guides users through the entire testing lifecycle, from initial reconnaissance and account setup to advanced parameter manipulation and automated enumeration using tools like Burp Suite. By covering both database object references and static file exposures, the skill enables users to generate detailed vulnerability reports, create proof-of-concept evidence, and implement robust server-side remediation strategies to protect sensitive user data.

主な機能

01API and static file reference analysis

02Burp Suite Intruder automation strategies

03Step-by-step IDOR detection workflows

040 GitHub stars

05Horizontal and vertical privilege escalation testing

06Code-level remediation and security guidance

ユースケース

01Automating the discovery of predictable resource identifiers

02Validating access control logic during the development lifecycle

03Performing security audits on RESTful API endpoints

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front idor-testing

For use in Claude.ai and ChatGPT

Download Skill