AgentSkillsCN

a01-broken-access-control

Skills for testing access control flaws, including IDOR, CSRF, CORS misconfigurations and open redirects, checked against OWASP A01:2021.

SKILL.md

---
name: a01-broken-access-control
description: Skills for testing broken access control vulnerabilities including IDOR, CSRF, CORS misconfigurations, and open redirects per OWASP A01:2021.
compatibility: Requires Burp Suite for testing
allowed-tools: burpsuite curl
metadata:
  owasp: A01:2021
  category: web
---

Broken Access Control (OWASP A01)

Access control enforces policy such that users cannot act outside their intended permissions.

Skills

  • IDOR - Insecure Direct Object Reference exploitation
  • CSRF - Cross-Site Request Forgery attacks
  • CORS Bypass - CORS misconfiguration exploitation
  • Open Redirect - URL redirect manipulation

Quick Reference

| Attack        | Risk       | Detection                       |
|---------------|------------|---------------------------------|
| IDOR          | High       | Modify object IDs in requests   |
| CSRF          | Medium     | Check for missing/weak tokens   |
| CORS          | Medium     | Test Origin header reflection   |
| Open Redirect | Low-Medium | Test redirect parameters        |
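An added example, not part of the AgentSkillsCN skill or its SKILL.md: one defensive check per Quick Reference row, run over constructed responses so a finding from Burp or curl can be classified consistently. `ALLOWED_ORIGINS` and `SITE_HOST` are assumed values for the application under review.

```python
from urllib.parse import urlparse

# Assumed values for the application under review (not from the skill page).
ALLOWED_ORIGINS = {"https://app.example.com"}
SITE_HOST = "app.example.com"


def idor_suspected(owner_resp, other_resp):
    """Object fetched by its owner and again with another user's session:
    the same successful body for both means no object-level check ran."""
    (owner_status, owner_body), (other_status, other_body) = owner_resp, other_resp
    return owner_status == 200 and other_status == 200 and owner_body == other_body


def csrf_token_weak(form_fields):
    """State-changing form without a token, or with one too short to be unguessable."""
    token = form_fields.get("csrf_token", "")
    return len(token) < 16


def cors_misconfigured(request_origin, response_headers):
    """Untrusted Origin echoed back, or wildcard combined with credentials."""
    acao = response_headers.get("Access-Control-Allow-Origin", "")
    creds = response_headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    reflected = acao == request_origin and request_origin not in ALLOWED_ORIGINS
    return reflected or (acao == "*" and creds)


def open_redirect(target):
    """Redirect parameter that leaves the site: absolute or protocol-relative URL
    to another host, a non-http scheme, or the '/\\' form browsers treat as '//'."""
    p = urlparse(target)
    if p.scheme or p.netloc:
        return p.netloc != SITE_HOST
    return target.startswith("/\\")


def run_checks():
    """Constructed samples, one per Quick Reference row; all four are findings."""
    return {
        "idor": idor_suspected((200, '{"id":42,"owner":"alice"}'),
                               (200, '{"id":42,"owner":"alice"}')),
        "csrf": csrf_token_weak({"amount": "100", "to": "bob"}),
        "cors": cors_misconfigured("https://evil.example",
                                   {"Access-Control-Allow-Origin": "https://evil.example",
                                    "Access-Control-Allow-Credentials": "true"}),
        "redirect": open_redirect("//evil.example/login"),
    }


if __name__ == "__main__":
    for name, flagged in run_checks().items():
        print(f"{name}: {'FLAGGED' if flagged else 'ok'}")
```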