hunt-idor
Fail
Audited by Snyk on Jun 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This document contains explicit, step-by-step offensive techniques for discovering and exploiting IDOR (insecure direct object reference) vulnerabilities to exfiltrate sensitive data, perform account takeover, escalate privileges, and enable financial fraud, which indicates deliberate malicious intent and high abuse potential.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly documents and encourages interaction with financial state-changing APIs: its examples and attack chains reference POST /api/orders/{order_id}/refund (issuing refunds), modification of voucher or policy objects to redirect charges, and other billing endpoints. It names payment platforms (Stripe, PayPal) and describes chains that perform refunds, redirect charges, or change billing information, all of which are concrete financial operations. These are not merely generic HTTP or browser actions; they target endpoints whose primary effect is moving or redirecting money. The skill therefore grants direct financial execution capability.
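The W009 finding turns on a refund endpoint whose only input is a caller-supplied order_id. The following is an added example, not code from the audited skill or from the Snyk report: it shows, in Python with an in-memory order store standing in for a database, what the IDOR on POST /api/orders/{order_id}/refund looks like in handler code, the hardened form that scopes the lookup to the authenticated account and bounds the refund, and the cross-account probe that tells the two apart. The endpoint shape is the one named in the finding; every account id, order id and amount below is constructed for illustration.

```python
"""Added example (not from the audited skill or from Snyk's report): an IDOR-prone
refund handler next to its hardened form, plus the cross-account probe that
distinguishes them. The store is an in-memory stand-in for a database; the
endpoint shape POST /api/orders/{order_id}/refund comes from the finding above,
every name and value here is constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


@dataclass
class Order:
    order_id: str
    owner_id: str            # account that placed the order
    amount_cents: int
    refunded_cents: int = 0

    @property
    def status(self) -> str:
        return "refunded" if self.refunded_cents >= self.amount_cents else "paid"


@dataclass(frozen=True)
class RefundResult:
    http_status: int
    message: str


def sample_orders() -> Dict[str, Order]:
    """Constructed data: two customers, one paid order each."""
    return {
        "ord_1001": Order("ord_1001", "acct_alice", 4999),
        "ord_1002": Order("ord_1002", "acct_bob", 12000),
    }


def refund_vulnerable(orders: Dict[str, Order], caller_id: str,
                      order_id: str, amount_cents: int) -> RefundResult:
    """IDOR: the record is resolved by order_id alone and caller_id is never
    compared with the order's owner, so any authenticated user can refund
    any order whose id they can guess or enumerate. No amount check either."""
    order = orders.get(order_id)
    if order is None:
        return RefundResult(404, "no such order")
    order.refunded_cents += amount_cents
    return RefundResult(200, f"refunded {amount_cents} cents to {order.owner_id}")


def refund_hardened(orders: Dict[str, Order], caller_id: str,
                    order_id: str, amount_cents: int) -> RefundResult:
    """Object-level authorization plus state checks.

    The order must belong to the caller; a foreign order and a missing order
    both return 404 so the endpoint does not confirm that someone else's
    order_id exists. The amount is bounded by the still-refundable balance."""
    order = orders.get(order_id)
    if order is None or order.owner_id != caller_id:
        return RefundResult(404, "no such order")
    if amount_cents <= 0:
        return RefundResult(422, "amount must be positive")
    if order.status == "refunded":
        return RefundResult(409, "order already fully refunded")
    if order.refunded_cents + amount_cents > order.amount_cents:
        return RefundResult(422, "refund exceeds refundable balance")
    order.refunded_cents += amount_cents
    return RefundResult(200, f"refunded {amount_cents} cents to {order.owner_id}")


Handler = Callable[[Dict[str, Order], str, str, int], RefundResult]


def cross_account_probe(handler: Handler) -> Tuple[int, int]:
    """The check an IDOR hunt performs: call the endpoint as acct_alice with
    her own order id, then with acct_bob's order id, using a fresh store.
    Returns the two HTTP statuses; (200, 200) means object-level
    authorization is missing, (200, 404) means the foreign order is hidden."""
    orders = sample_orders()
    own = handler(orders, "acct_alice", "ord_1001", 100).http_status
    foreign = handler(orders, "acct_alice", "ord_1002", 100).http_status
    return own, foreign


if __name__ == "__main__":
    for name, h in (("vulnerable", refund_vulnerable), ("hardened", refund_hardened)):
        print(name, cross_account_probe(h))
```

The probe is the whole of the hunting step the finding describes: one authenticated session, two object ids, and a comparison of responses. Returning 404 rather than 403 for a foreign order is a deliberate choice in the hardened handler, since a 403 would still confirm that the guessed order_id exists.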
Issues (2)
E006
CRITICAL: Malicious code pattern detected in skill scripts.
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata