AgentSkillsCN

IDOR Vulnerability Testing

When the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data," this skill provides comprehensive guidance for efficiently detecting, exploiting, and remediating IDOR vulnerabilities in web applications.

SKILL.md
--- frontmatter
name: IDOR Vulnerability Testing
description: This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.
metadata:
  author: zebbern
  version: 4.1.0-fractal

IDOR Vulnerability Testing

Purpose

Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. An IDOR arises when an application exposes a reference to an internal object (a database row ID, a filename) and serves the object without checking that the authenticated requester is authorized for that specific object. This skill covers both database object references and static file references, detection through parameter manipulation and enumeration across two test accounts, exploitation with Burp Suite, and remediation strategies that restore per-object authorization.
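The following is an added example, not code from the skill or from its author. It models the two-account differential test that the Purpose describes (read an object as its owner, replay the same request with a second account, compare) against a simulated endpoint, alongside the remediation the workflow lists under "Implement Proper Access Control" and "Use Indirect References". The sessions, the `ORDERS` table, the handler functions and the token strings are all constructed for this example and do not come from the page.

```python
"""Differential IDOR check against a simulated object endpoint.

Added example (not part of the original skill). The session table,
ORDERS "database", token strings and handler names are constructed
for illustration only.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: bearer token -> user id, and the objects
# each user owns.
SESSIONS = {"tok-alice": 1001, "tok-bob": 1002}
ORDERS = {
    5001: {"owner": 1001, "total": 42.50, "address": "1 Alice St"},
    5002: {"owner": 1002, "total": 9.99, "address": "2 Bob Ave"},
}
# Per-user opaque handles for the indirect-reference variant.
HANDLES = {1001: {"h1": 5001}, 1002: {"h1": 5002}}


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def get_order_vulnerable(token, order_id):
    """Vulnerable handler: authenticates the caller, then returns the
    object by id with no ownership check. This is the IDOR pattern."""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401)
    order = ORDERS.get(order_id)
    if order is None:
        return Response(404)
    return Response(200, order)


def get_order_fixed(token, order_id):
    """Hardened handler: same lookup, but the object must belong to the
    authenticated user. A foreign object answers 404, not 403, so the
    response does not confirm that the id exists."""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401)
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        return Response(404)
    return Response(200, order)


def get_order_indirect(token, handle):
    """Indirect reference: the client only sees per-user handles, so a
    handle copied from another user's session resolves to nothing.
    The ownership check in get_order_fixed is still applied; indirect
    references reduce guessability but do not replace authorization."""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401)
    order_id = HANDLES.get(user, {}).get(handle)
    if order_id is None:
        return Response(404)
    return get_order_fixed(token, order_id)


def idor_check(handler, victim_token, victim_ids, attacker_token):
    """Two-account differential test.

    For each id the victim can legitimately read, replay the request
    with the attacker's session. An id is reported when the attacker
    receives the same 200 body the owner receives. Returns exposed ids.
    """
    exposed = []
    for oid in victim_ids:
        baseline = handler(victim_token, oid)
        if baseline.status != 200:
            continue  # owner cannot read it either; nothing to compare
        probe = handler(attacker_token, oid)
        if probe.status == 200 and probe.body == baseline.body:
            exposed.append(oid)
    return exposed


def enumerate_ids(handler, attacker_token, start, stop):
    """Sequential-id enumeration: ids in [start, stop) that answer 200
    to the attacker session. With the fixed handler only the
    attacker's own objects come back."""
    return [oid for oid in range(start, stop)
            if handler(attacker_token, oid).status == 200]


if __name__ == "__main__":
    print("vulnerable:", idor_check(get_order_vulnerable, "tok-alice", [5001], "tok-bob"))
    print("fixed:", idor_check(get_order_fixed, "tok-alice", [5001], "tok-bob"))
    print("enum vulnerable:", enumerate_ids(get_order_vulnerable, "tok-bob", 5000, 5010))
    print("enum fixed:", enumerate_ids(get_order_fixed, "tok-bob", 5000, 5010))
```

Against a real target the comparison in `idor_check` should normalize fields that legitimately differ between requests (timestamps, request ids) before treating two bodies as equal, and the baseline must always be captured with the owning account first, otherwise a 200 from the attacker session cannot be distinguished from a public resource.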

Inputs / Prerequisites

  • Target Web Application: URL of application with user-specific resources
  • Multiple User Accounts: At least two test accounts to verify cross-user access
  • Burp Suite or Proxy Tool: Intercepting proxy for request manipulation
  • Authorization: Written permission for security testing
  • Understanding of Application Flow: Knowledge of how objects are referenced (IDs, filenames)

Outputs / Deliverables

  • IDOR Vulnerability Report: Documentation of discovered access control bypasses
  • Proof of Concept: Evidence of unauthorized data access across user contexts
  • Affected Endpoints: List of vulnerable API endpoints and parameters
  • Impact Assessment: Classification of data exposure severity
  • Remediation Recommendations: Specific fixes for identified vulnerabilities

Core Workflow

🧠 Knowledge Modules (Fractal Skills)

1. Understand IDOR Vulnerability Types

2. Reconnaissance and Setup

3. Detection Techniques

4. Exploitation with Burp Suite

5. Common IDOR Locations

6. IDOR Testing Checklist

7. Response Analysis

8. Common Vulnerable Parameters

9. Operational Boundaries

10. Detection Challenges

11. Legal Requirements

12. Example 1: Basic ID Parameter IDOR

13. Example 2: IDOR in Address Update Endpoint

14. Example 3: Static File IDOR

15. Example 4: Burp Intruder Enumeration

16. Example 5: Horizontal to Vertical Escalation

17. Issue: All Requests Return 403 Forbidden

18. Issue: Application Uses UUIDs Instead of Sequential IDs

19. Issue: Session Token Bound to User

20. Issue: Rate Limiting Blocks Enumeration

21. Issue: Cannot Verify IDOR Impact

22. Implement Proper Access Control

23. Use Indirect References

24. Server-Side Validation