
IDOR

Premium room

Learn how to find and exploit IDOR vulnerabilities in a web application giving you access to data that you shouldn't have.

easy

30 min


In this room, you're going to learn what an IDOR vulnerability is, what they look like, and how to find them, and you'll work through a practical task exploiting a real case scenario.

What is an IDOR?

IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.

This type of vulnerability can occur when a web server receives user-supplied input to retrieve objects (files, data, documents), places too much trust in that input, and does not validate it on the server side to confirm that the requested object belongs to the user requesting it.
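The missing server-side check described above, as an added example that is not part of the room's material: a handler that trusts the client-supplied id beside one that confirms ownership, plus a small authorization regression check. The `DOCUMENTS` store, the function names and the status tuples are assumptions made for illustration.

```python
# Constructed sample data: object id -> record with an owner field.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "alice's invoice"},
    1002: {"owner": "bob", "body": "bob's invoice"},
}

def get_document_unchecked(session_user, doc_id):
    """IDOR-prone: looks up the client-supplied id and ignores who is asking."""
    doc = DOCUMENTS.get(int(doc_id))
    if doc is None:
        return 404, None
    return 200, doc["body"]

def get_document_checked(session_user, doc_id):
    """Confirms on the server side that the object belongs to the requester."""
    try:
        key = int(doc_id)
    except (TypeError, ValueError):
        return 400, None
    doc = DOCUMENTS.get(key)
    # Same response for "missing" and "not yours", so the reply does not
    # reveal which ids exist.
    if doc is None or doc["owner"] != session_user:
        return 404, None
    return 200, doc["body"]

def audit(handler, session_user, ids):
    """Return the ids the handler serves to session_user that they do not own."""
    leaked = []
    for i in ids:
        status, _ = handler(session_user, i)
        if status == 200 and DOCUMENTS[i]["owner"] != session_user:
            leaked.append(i)
    return leaked

if __name__ == "__main__":
    print("unchecked leaks:", audit(get_document_unchecked, "alice", [1001, 1002]))
    print("checked leaks:  ", audit(get_document_checked, "alice", [1001, 1002]))
```

The `session_user` value must come from the authenticated session on the server, never from a request parameter, or the ownership comparison is itself based on untrusted input.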

Answer the questions below
What does IDOR stand for?
