Insecure Direct Object Reference (IDOR)
IDOR is a critical access control vulnerability that allows attackers to access unauthorized resources by manipulating reference parameters. Learn how to exploit and prevent IDOR vulnerabilities.
CRITICAL SEVERITY | OWASP Top 10 #1 | CWE-639 | 5 Techniques
Interactive IDOR Lab
Select an IDOR technique and practice unauthorized access attacks in a safe environment
Select Context
Choose an IDOR context to begin testing
Sequential ID Manipulation
Exploit predictable sequential identifiers
Beginner | 2 attacks
UUID/GUID Manipulation
Exploit weak UUID generation or predictable GUIDs
Intermediate | 1 attack
Parameter Manipulation
Manipulate request parameters to access unauthorized resources
Intermediate | 2 attacks
API Endpoint IDOR
Exploit IDOR vulnerabilities in API endpoints
Advanced | 2 attacks
Mass Assignment
Exploit mass assignment to modify protected fields
Expert | 1 attack