Skip to content

CyberCTF/lab-flask-idor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.github/workflows
.github/workflows
 
 
build
build
 
 
deploy
deploy
 
 
docs
docs
 
 
test
test
 
 
README.md
README.md
 
 
done.md
done.md
 
 

Repository files navigation

Flask IDOR: Insecure Direct Object Reference Lab

Description

Learn how a lack of authorization checks in a Flask application's download endpoint can allow attackers to access or exfiltrate other users' files.

Default Credentials

  • Username: alice
  • Password: alicepass

Objectives

  • Identify endpoints vulnerable to IDOR
  • Craft and send unauthorized resource access requests
  • Verify access to data owned by other users

Difficulty

Beginner

Estimated Time

30 minutes

Prerequisites

  • Basic Flask knowledge
  • HTTP fundamentals
  • Familiarity with browser developer tools or curl

Skills Learned

  • Finding and exploiting IDOR in Flask routes
  • Testing for insufficient access control
  • Validating and reporting sensitive data exposure

Project Structure

  • folder: build
  • folder: deploy
  • folder: test
  • folder: docs
  • file: README.md
  • file: .gitignore

Quick Start

Prerequisites: Docker or Python 3 with virtualenv installed.

Installation:

git clone <repo-url>
cd flask-idor-lab
docker-compose up
# or:
pip install -r build/requirements.txt
cd build
flask run

Issue Tracker

https://github.com/example/flask-idor-lab/issues

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages