There are 2 repositories under idor topic.
Top disclosed reports from HackerOne
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
✅ Experience the power of an automated Insecure Direct Object Reference (IDOR) vulnerability detection tool. Safeguard your applications with cutting-edge technology that identifies potential security weaknesses in an efficient and streamlined manner.
Writeups for portswigger labs.
A sensible no bullshit repo of summaries of reports on hackerone, bugcrowd and alike, that makes straight up sense and make it easy to repeat and automate. This is supposed to serve as my personal reference, but should be a good public index reference for like minded.
Capture the Flag (CTF) is a cybersecurity competition that is used as a test of security skills.
CIDOR, aka Canvas IDOR, is a fuzzer/downloader/cleaner using common structures used by colleges for document retrieval. Watch the POC video for CIDOR finding previous Stanford University Mid-term Tests/Answers.
An easy ctf - Authentication Bypassing using IDOR vulnerability
solutions of hack-yourself-first
Exploit tool for IDORs in Bestiefy
Pentesting Live Targets
This repository is designed for IDOR vulnerabilities in a web application.
HTTPeeper is a quick way to perform HTTP requests using GET, POST, PUT, DELETE, PATCH, and OPTIONS to a specified URL. HTTPeeper is tool to investigate web interactions across different HTTP methods.
Hospital's Patient Records Management System v1.0 - 'id' Insecure direct object references (IDOR) leads to Account TakeOver