idor-methodology
Detect and exploit IDOR vulnerabilities.
System Documentation
What problem does it solve?
IDOR vulnerabilities allow attackers to access or modify data of other users by manipulating identifiers such as user_id, account numbers, or file names without proper authorization checks. This Skill provides a structured methodology to detect, verify, and reason about insecure direct object references across APIs and web applications, including horizontal and vertical privilege escalation, multi-step chains, file/resource access, and indirect references.
Core Features & Use Cases
- Systematic discovery across URL paths, query parameters, request bodies, and indirect identifiers (e.g., GraphQL variables, API responses).
- Coverage of bypass techniques (parameter pollution, encoding, method switching) and multi-step attack chains for real-world scenarios.
- Evidence-driven testing with PoCs, scalable reconnaissance scripts, and guidance for validating write/modify operations.
Quick Start
Provide an IDOR test plan for a target API and run the methodology to enumerate identifiers and verify access controls.
Dependency Matrix
Required Modules
None required
Components
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: idor-methodology Download link: https://github.com/wgpsec/AboutSecurity/archive/main.zip#idor-methodology Please download this .zip file, extract it, and install it in the .claude/skills/ directory.