# Insecure Direct Object Reference (IDOR)

An IDOR (Insecure Direct Object Reference) vulnerability occurs when an application takes a client-supplied reference to an object (a database record, a file, an account) and uses it to fetch or modify that object without checking that the requesting user is actually authorized for that particular object. Being logged in is not enough: the check has to be per object. When it is missing, an attacker simply changes the reference (for example, the numeric ID in a URL or form field) to read or alter another user's data.

Another name for IDOR vulnerabilities is Broken Object Level Authorization (BOLA), which is the term the OWASP API Security Top 10 uses for the same class of flaw (it sits at API1 in that list).
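The following is an added illustration (not code from this page or from any project it references): the same invoice lookup written once without and once with an object-level authorization check, plus a small loop that simulates a tester iterating candidate IDs with a single account. The handler names, the `INVOICES` table and the UUID are all made up for the example; one record is keyed by a UUID so the run also shows that an unguessable key changes nothing when the ownership check is absent.

```python
# Added example: object lookup with and without object-level authorization.
# Names (get_invoice_*, INVOICES, enumerate_as) and the sample data are
# constructed for this illustration; there is no real backend behind them.


class Forbidden(Exception):
    """Caller is not logged in."""


class NotFound(Exception):
    """No invoice the caller may see has this id."""


# Constructed sample data: two sequential ids and one random UUID key, so a
# single run shows that guessability does not change the outcome.
INVOICES = {
    "1001": {"owner": "alice", "amount": 120.00},
    "1002": {"owner": "bob", "amount": 87.50},
    "7e1c0f3a-4f0e-4a4c-9b4e-2a1f0d6c8e11": {"owner": "bob", "amount": 430.00},
}


def get_invoice_vulnerable(session_user, invoice_id):
    """Vulnerable handler: verifies that *someone* is logged in, then serves
    whatever id the client supplied. Authentication yes, authorization no."""
    if session_user is None:
        raise Forbidden("login required")
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_fixed(session_user, invoice_id):
    """Fixed handler: the lookup is scoped to the caller. In SQL terms this is
    'WHERE id = ? AND owner = ?' instead of 'WHERE id = ?'."""
    if session_user is None:
        raise Forbidden("login required")
    invoice = INVOICES.get(invoice_id)
    # Treat "not yours" and "does not exist" identically so the endpoint
    # cannot be used as an oracle for which ids exist.
    if invoice is None or invoice["owner"] != session_user:
        raise NotFound(invoice_id)
    return invoice


def enumerate_as(session_user, handler, candidate_ids):
    """Simulates a tester cycling through candidate ids under one account and
    returns the ids that were served, i.e. what that account can read."""
    readable = []
    for candidate in candidate_ids:
        try:
            handler(session_user, candidate)
        except (Forbidden, NotFound):
            continue
        readable.append(candidate)
    return readable


if __name__ == "__main__":
    every_id = list(INVOICES)
    # alice owns only 1001; the vulnerable handler hands her all three records
    print("vulnerable:", enumerate_as("alice", get_invoice_vulnerable, every_id))
    print("fixed:     ", enumerate_as("alice", get_invoice_fixed, every_id))
```

The fix is not input validation: `invoice_id` is perfectly well-formed in both versions. What changes is that the fixed handler binds the query to the identity from the session, which is exactly the check a tester is probing for when swapping one account's identifiers into another account's requests.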

### Burp Suite Regex

Use the following regex in Burp Suite (for example as the search term in the Proxy history filter with the regex option enabled) to surface parameters whose name ends in `id`, which are the usual first candidates for IDOR testing. It is case-insensitive and expects a `name=value` form, so it catches query strings and form bodies but not JSON keys or identifiers embedded in URL paths.

```regex
(?i)\b\w*id\b(?!\w)\s*=\s*("[^"]*"|'[^']*'|[^&\s}]*)
```
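To see what the regex does and does not flag before relying on it, here is an added harness (not part of the original page) that runs the regex exactly as written above over a handful of constructed request fragments. The sample requests are made up, not captured traffic; the only thing taken from the page is the pattern itself.

```python
import re

# The Burp regex exactly as shown on this page; only the harness is added.
BURP_ID_REGEX = re.compile(
    r"""(?i)\b\w*id\b(?!\w)\s*=\s*("[^"]*"|'[^']*'|[^&\s}]*)"""
)

# Constructed sample request fragments (not real traffic).
SAMPLE_REQUESTS = [
    "GET /account?user_id=1337&page=2 HTTP/1.1",     # query string: hit
    "GET /api/orders?orderId=9001 HTTP/1.1",         # camelCase: hit
    "paid=true&valid=1&couponId='SPRING'",           # form body: two false positives
    '{"user_id": 1337, "role": "member"}',           # JSON body: missed (no '=')
    "GET /api/users/1337/profile HTTP/1.1",          # id in the path: missed
]


def find_id_params(text):
    """Returns (name, value) pairs the regex flags in one request or body.
    The name is recovered from the whole match because the page's regex
    only captures the value."""
    hits = []
    for match in BURP_ID_REGEX.finditer(text):
        name = match.group(0).split("=", 1)[0].strip()
        hits.append((name, match.group(1)))
    return hits


def triage(requests):
    """Maps each sample to its hits so the misses are visible alongside them."""
    return {req: find_id_params(req) for req in requests}


if __name__ == "__main__":
    for req, hits in triage(SAMPLE_REQUESTS).items():
        print(f"{req!r}: {hits if hits else 'no match'}")
```

Two things to keep in mind when reading the output: `\w*id\b` matches any word ending in `id`, so `paid=` and `valid=` show up as noise, and because the pattern insists on an `=` it says nothing about JSON bodies or REST-style paths such as `/users/1337`, which are where a lot of modern IDORs live. Treat the regex as a quick first pass over Proxy history, not as the boundary of what to test.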

### Notes

Hard-to-guess identifiers (random tokens, UUIDs) do not make an endpoint safe; they only make enumeration slower. The essence of an IDOR is that the server trusts a client-supplied object reference without checking that the caller is authorized for that object, and that is just as true when the reference is a UUID as when it is `42`. Identifiers also tend to leak elsewhere (other API responses, exported files, shared links, logs), so a missing object-level check is a valid finding even when brute-forcing the reference is impractical.

### Resources

This is one of the best IDOR walkthroughs I've ever watched. Z-winK does an excellent job covering different types of IDOR, providing examples, and showing how you can hunt these vulnerabilities in the wild yourself.

{% embed url="https://www.youtube.com/watch?v=B_WESrC-wWs" %}

