IDOR 1
Simple and straightforward. Identify and exploit the easiest token.
Visit IDOR 1

IDOR 2
Slightly obfuscated endpoint but still manageable. Pay attention to the requests.
Visit IDOR 2

IDOR 3
More complex endpoint structure. Analyze and experiment carefully.
Visit IDOR 3

IDOR 4
Advanced endpoint obfuscation. Think creatively and use all tools at your disposal.
Visit IDOR 4

UUID Labs
Labs replacing numeric identifiers with UUIDs. Find patterns and logic leaks.
Visit UUID Labs

Ratbook
A social networking mimic. Exploit actions like viewing, editing, or deleting posts.
Visit Ratbook

IDOR with POST Actions
Focus on POST requests. Exploit server actions tied to data modification.
Visit POST Actions

Second Order IDOR
Trigger secondary actions or delayed processing to exploit vulnerabilities.
Visit Second Order IDOR

JS
A JavaScript-heavy application. Explore vulnerabilities in client-server communication.
Visit JS Lab

Theme Park IDOR
Explore and exploit vulnerabilities in a Theme Park mimic site.
Visit Theme Park IDOR

Write-Up by Uday
Insights and methodologies for tackling IDOR labs.
Read Write-Up

Write-Up by akmk
Detailed write-up on IDOR and CSRF vulnerabilities.
Read Write-Up