CyberCTF/idor-flask

Simple IDOR with Incremental Numeric IDs

A minimal Flask application demonstrating an insecure direct object reference (IDOR) vulnerability caused by using sequential integer identifiers in URLs without any access control or authentication.
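The pattern this lab is built around, shown as an added example rather than the lab's own app.py: a route that looks up a record purely by the integer in the URL, beside the same route with an ownership check. To stay dependency-free it uses the standard library's WSGI tooling instead of Flask (a Flask view is a WSGI app underneath, so the logic carries over directly); the `X-Session-User` header is an assumed stand-in for a verified session, and the three records are constructed sample data.

```python
"""Added example: a numeric-ID lookup with and without an ownership check.
Uses only the standard library (wsgiref) so it runs without Flask installed;
the X-Session-User header is a stand-in for a real authenticated session."""
import json
import re
from wsgiref.util import setup_testing_defaults

# Constructed sample data: sequential integer IDs, each owned by one user.
RECORDS = {
    1: {"id": 1, "owner": "alice", "email": "alice@example.test"},
    2: {"id": 2, "owner": "bob", "email": "bob@example.test"},
    3: {"id": 3, "owner": "carol", "email": "carol@example.test"},
}

ROUTE = re.compile(r"^/user/(\d+)$")
JSON = [("Content-Type", "application/json")]


def vulnerable_lookup(record_id, current_user=None):
    """IDOR: the ID in the URL alone decides what is returned; the caller's
    identity is never consulted, so any valid integer yields someone's record."""
    return RECORDS.get(record_id)


def hardened_lookup(record_id, current_user):
    """Ownership check: a record is returned only to its owner. 'Missing' and
    'not yours' both map to None so the response does not reveal which IDs exist."""
    if current_user is None:
        return None
    rec = RECORDS.get(record_id)
    if rec is None or rec["owner"] != current_user:
        return None
    return rec


def make_app(lookup, require_auth):
    """Wrap a lookup in a minimal WSGI app serving GET /user/<int:id>."""
    def app(environ, start_response):
        match = ROUTE.match(environ.get("PATH_INFO", ""))
        if match is None:
            start_response("404 Not Found", JSON)
            return [b'{"error":"not found"}']
        # Placeholder for a verified session; a real app would read a signed cookie.
        user = environ.get("HTTP_X_SESSION_USER")
        if require_auth and user is None:
            start_response("401 Unauthorized", JSON)
            return [b'{"error":"login required"}']
        rec = lookup(int(match.group(1)), user)
        if rec is None:
            start_response("404 Not Found", JSON)
            return [b'{"error":"not found"}']
        start_response("200 OK", JSON)
        return [json.dumps(rec).encode()]
    return app


def request(app, path, user=None):
    """Drive a WSGI app in-process without a socket; returns (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if user is not None:
        environ["HTTP_X_SESSION_USER"] = user
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode()


if __name__ == "__main__":
    vulnerable = make_app(vulnerable_lookup, require_auth=False)
    hardened = make_app(hardened_lookup, require_auth=True)
    # Alice asks for record 2 (Bob's) on each variant.
    print("vulnerable:", request(vulnerable, "/user/2", user="alice"))
    print("hardened:  ", request(hardened, "/user/2", user="alice"))
    print("hardened:  ", request(hardened, "/user/2", user="bob"))
```

The fix is the comparison of `rec["owner"]` against the session identity, not the choice of identifier: switching to random IDs only hides the problem. Returning 404 for both missing and foreign records keeps the endpoint from confirming which IDs exist, which is the second thing a reviewer of the lab's app.py would look for.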

Objectives

  • Identify insecure resource access using numeric IDs
  • Understand the risk of exposing data without authentication
  • Perform manual IDOR attacks using integer incrementation
  • Capture and report unauthorized data access

Difficulty

Beginner

Estimated Time

20–30 minutes

Prerequisites

  • Basic knowledge of HTTP and URLs
  • Ability to modify URL paths manually
  • Familiarity with curl, a browser, or Burp Suite

Skills Learned

  • IDOR discovery and exploitation
  • Enumerating numeric resource identifiers
  • Understanding the consequences of missing authorization checks
  • Performing manual fuzzing

Project Structure

  • build/ — Flask application code (app.py, templates/, static/)
  • deploy/ — Docker configuration files
  • test/ — Automated tests
  • docs/ — Documentation

Quick Start

Prerequisites

  • Docker and docker-compose

Installation

  1. Clone the repository
  2. Run the application:
    docker-compose up --build
  3. Open http://localhost:3206 in your browser

Issue Tracker

https://github.com/cyberctf/idor-flask/issues

