idor
Official
Exploit IDOR and access control flaws.
Software Engineering
#access control #penetration testing #privilege escalation #api security #idor #parameter tampering
Author: blacklanternsecurity
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit Insecure Direct Object Reference (IDOR) and broken access control vulnerabilities, allowing unauthorized access to sensitive data or functionality.
Core Features & Use Cases
- ID Enumeration: Test sequential, UUID, and other ID formats across various injection points (URL, POST body, headers).
- Access Control Testing: Verify if low-privilege users can access higher-privilege functions or other users' data.
- Use Case: A penetration tester suspects an API endpoint /api/users/{id}/profile is vulnerable to IDOR. They use this Skill to systematically test different user IDs while authenticated as a low-privilege user to see if they can access other users' profiles or administrative functions.
Quick Start
Use the idor skill to test for horizontal privilege escalation on the target endpoint '/api/users/123/profile' using your current session.
Dependency Matrix
Required Modules
None required
Components
scripts
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: idor Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#idor Please download this .zip file, extract it, and install it in the .claude/skills/ directory.