00 — Overview
IDOR — Broken Access Control
Learn how to access other users' data by manipulating object references — one of the most common and impactful vulnerabilities in web applications.
Beginner · 50 min · 11 tasks
// By the end of this module
→ Understand how insecure direct object references expose unauthorised data
→ Find IDOR in URL parameters, JSON bodies, and HTTP headers
→ Enumerate object IDs to access other users' resources
→ Escalate IDOR from read access to modification and deletion
