Learn how to test for IDOR (Insecure Direct Object Reference) vulnerabilities using Caido's Autorize plugin. Test if user accounts can access each other's data.
User Accounts
USER 101: John Doe (john@example.com)
USER 102: Bob Smith (bob@example.com)
API Endpoints
GET /autorize.php?action=profile&user_id={id}
GET /autorize.php?action=orders&user_id={id}
GET /autorize.php?action=messages&user_id={id}
GET /autorize.php?action=settings&user_id={id}
Each endpoint takes a user_id parameter and returns that user's record. The IDOR question is whether the server checks that user_id belongs to the logged-in session, or only that some session exists. To test with Autorize: log in as one user (for example 101) and browse all four endpoints through Caido, then give the plugin the second user's (102) session cookie or token. Autorize replays every captured request with the second user's credentials and with no credentials at all, and compares each replay against the original response. A replay that comes back with the same status and body as the original means that endpoint performs no ownership check; a 401 or 403 means the check is enforced; a different 200 body needs a manual look, since it may be a generic page rather than a real denial.
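The following Python simulation is an added example, not code from the lab or from the Autorize plugin. It models the four endpoints twice, once with the missing ownership check (the lab's behaviour) and once hardened, and then runs the same differential replay that Autorize performs: original session, second user's session, and no session. The record contents, the session tokens (tok-101, tok-102) and the verdict labels are assumptions made for the example.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data mirroring the lab's two accounts. Record contents
# and session tokens are assumptions for this example, not the lab's values.
USERS = {101: {"name": "John Doe", "email": "john@example.com"},
         102: {"name": "Bob Smith", "email": "bob@example.com"}}
TOKENS = {"tok-101": 101, "tok-102": 102}          # hypothetical session tokens
DATA = {
    "profile":  {101: USERS[101], 102: USERS[102]},
    "orders":   {101: [{"id": 5001, "total": 42.0}], 102: [{"id": 5002, "total": 7.5}]},
    "messages": {101: ["hi from bob"], 102: ["hi from john"]},
    "settings": {101: {"mfa": True}, 102: {"mfa": False}},
}
ACTIONS = tuple(DATA)


def _parse(path):
    """Pull action and user_id out of /autorize.php?action=...&user_id=..."""
    q = parse_qs(urlparse(path).query)
    action = q.get("action", [None])[0]
    try:
        uid = int(q.get("user_id", [""])[0])
    except ValueError:
        uid = None
    return action, uid


def handle_vulnerable(path, token):
    """Lab-style handler: verifies the caller is logged in, then trusts
    user_id straight from the query string. That is the IDOR."""
    caller = TOKENS.get(token)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    action, uid = _parse(path)
    if action not in ACTIONS or uid not in USERS:
        return 404, {"error": "not found"}
    return 200, {"user_id": uid, action: DATA[action][uid]}


def handle_fixed(path, token):
    """Hardened handler: the requested object must belong to the session owner."""
    caller = TOKENS.get(token)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    action, uid = _parse(path)
    if action not in ACTIONS or uid not in USERS:
        return 404, {"error": "not found"}
    if uid != caller:                      # authorization, not just authentication
        return 403, {"error": "forbidden"}
    return 200, {"user_id": uid, action: DATA[action][uid]}


def _verdict(original, replay):
    """Compare a replayed response with the original, Autorize-style.
    Labels are this example's own, not the plugin's wording."""
    if replay == original:
        return "bypassed"       # second session sees exactly what the owner sees
    if replay[0] in (401, 403):
        return "enforced"
    return "undetermined"       # different 200 body: inspect by hand


def autorize_check(handler, victim_token, attacker_token, victim_id):
    """Replay every endpoint three ways: owner session, other user's session,
    and unauthenticated. Returns {action: {"attacker": ..., "anonymous": ...}}."""
    report = {}
    for action in ACTIONS:
        path = f"/autorize.php?action={action}&user_id={victim_id}"
        original = handler(path, victim_token)
        report[action] = {
            "attacker": _verdict(original, handler(path, attacker_token)),
            "anonymous": _verdict(original, handler(path, None)),
        }
    return report


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        print(name, autorize_check(handler, "tok-101", "tok-102", 101))
```

Run against the vulnerable handler, every endpoint reports "bypassed" for the second user's session while the unauthenticated replay reports "enforced", which is exactly the pattern a login-only check produces in the lab: authentication works, authorization is absent. The fixed handler reports "enforced" on all four. The "undetermined" branch matters on real targets, where a denial often comes back as a 200 with a generic page, so an equal-body comparison is not enough on its own and the response needs a human look.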