orm-filter-data-leak
OfficialExploit ORM filters to leak joined table data
Software Engineering#orm#web-security#security-testing#red-teaming#data-leak#filter-exploitation#relationship-traversal
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Web applications using ORMs often expose search and filter endpoints that allow attackers to traverse relationships between database tables, accessing sensitive data from joined models that should not be publicly available, resulting in unintended data leaks.
Core Features & Use Cases
- ORM Filter Syntax Detection: Identifies common ORM filter patterns including double underscores, dot notation, and nested object syntax in endpoint parameters.
- Relationship Traversal Probes: Provides pre-built payloads to test traversal of model relationships and access fields from related tables.
- Use Case: A red teamer testing a Django user management API can use this skill to check if the /api/users endpoint allows accessing sensitive SSN fields from user profile models via filters like profile__ssn__startswith=1.
Quick Start
Use the orm-filter-data-leak skill to test the /api/users endpoint for sensitive data leaks by sending filter payloads that traverse user profile relationships to access hidden SSN fields.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: orm-filter-data-leak Download link: https://github.com/dreadnode/capabilities/archive/main.zip#orm-filter-data-leak Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.