Home / Hacking Glossary / IDOR

IDOR (Insecure Direct Object Reference)

A web vulnerability where an application exposes internal object references (like database IDs) in URLs or parameters, allowing attackers to access unauthorized resources by modifying the reference.

vulnerability web
Practice Challenges 1 category
Web Exploitation
View challenges
Related Labs 1 lab
Staff Connect

Staff Connect

Hard SQL Injection

Dive into the zany world of a staffing agency's API, where your mission is to exploit IDOR vulnerabilities and uncover SQLi flaws while dodging our cheeky digital recruiter???s pranks.

PRO
View all labs →
Active CTF Events 3

SecurityBoat Community CTF Event 2026

Jan 4 - Jan 4, 2026 · 100 players

Bsides Agra CTF 2025

Dec 6 - Dec 7, 2025 · 100 players

Bsides Vizag CTF 2025

Dec 5 - Dec 6, 2025
View all events →
Related Terms 12
Command Injection Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS) Directory Traversal LFI (Local File Inclusion) Open Redirect RFI (Remote File Inclusion) SQL Injection (SQLi) SSRF (Server-Side Request Forgery) SSTI (Server-Side Template Injection) XML External Entity (XXE) XPath Injection

Ready to learn IDOR hands-on?

Put theory into practice with real hacking labs, CTF challenges, and guided courses on Parrot CTFs Events.

Get Started Free