Does it cover both horizontal and vertical escalation?

Absolutely. The skill provides methodologies for testing horizontal escalation (accessing other users' data at the same level) and vertical escalation (accessing administrative functions).

What is an IDOR vulnerability?

Insecure Direct Object Reference (IDOR) occurs when an application provides direct access to objects based on user-supplied input (like an ID in a URL) without sufficiently verifying if the user is authorized to access that specific resource.

Is remediation guidance included for developers?

Yes, it provides specific coding examples, such as ownership validation logic, to help developers implement proper server-side access controls.

Can this skill help automate IDOR testing?

Yes, it includes detailed workflows for using Burp Suite Intruder to perform automated enumeration of object references across ranges of IDs.

What tools are recommended for use with this skill?

The skill specifically highlights the use of Burp Suite and other intercepting proxies for request manipulation and automated payload delivery.

IDOR Vulnerability Testing Skill

Name: IDOR Vulnerability Testing Skill
Author: boisenoise

byboisenoise

0•

Security & Testing

Provides a systematic framework for detecting, exploiting, and remediating Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

This skill equips security researchers and developers with a comprehensive toolkit for identifying and mitigating Insecure Direct Object Reference (IDOR) flaws. It covers diverse attack vectors including database object and static file reference manipulation, providing structured workflows for both manual and automated testing. Users can leverage step-by-step guidance for reconnaissance, parameter manipulation across various HTTP methods, and automated enumeration using tools like Burp Suite. Beyond discovery, the skill provides actionable impact assessments and code-level remediation strategies to ensure robust access control implementation.

Key Features

01Comprehensive mapping of common vulnerable API endpoints and parameters

02Systematic methodologies for horizontal and vertical privilege escalation testing

03Code-level remediation guidance for implementing ownership-based access controls

04Automated enumeration workflows using Burp Suite Intruder and Battering Ram attacks

05Detailed techniques for URL, request body, and HTTP method manipulation

060 GitHub stars

Use Cases

01Automating the discovery of sensitive resources via API endpoint enumeration

02Implementing secure coding patterns to prevent broken access control during development

03Conducting security audits to identify unauthorized cross-user data access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add boisenoise/skills-collections antigravity-idor-testing

For use in Claude.ai and ChatGPT

Download Skill