Secure Legion Labs
Labs/IDOR

OWASP Top 10

IDOR Lab Navigation

Move through a full four-room IDOR progression: simple object reference abuse, multi-parameter ownership bugs, workspace-level leaks, and a deeply nested extreme case.

Easy

Single account identifier with direct unauthorized record access.

Medium

Cross-customer invoice exposure through mismatched object relationships.

Hard

Authorized workspace plus foreign report reference leaking exports.

Extreme

Tenant, case, and snapshot chaining with a deep object mismatch bug.