CIDOR

Canvas IDOR v.2.1.0

!FOLLOW INSTALLATION INSTRUCTIONS BELOW!

CIDOR is a script written in BASH (Shell Script) to take advantage of Insecure direct object references in Canvas to get documents, files from colleges who have items that remain open. Written by n3on (@n3onhacks) in an attempt to get fun reading material.

Videos

1. Using CIDOR Video:

https://youtu.be/dgbUjN18fNs

2. POC - Finding OLD STANFORD UNIVERSITY MID-TERM ANSWERS w/ CIDOR Video:

https://www.youtube.com/watch?v=TxAPvd5FLmE

Usage

./cidor.sh

Note: !MUST RUN CIDOR AS $ROOT!

Follow prompts for input.

-After the cycle is completed, files will be in '/opt/cidor/downloads' folder

Installation Instructions

>>cd /opt (*must be in /opt folder to work)

>>git clone https://github.com/n3onhacks/cidor.git

>>cd cidor

>>mkdir downloads

>>mkdir temp

>>cd ..

>>chmod 777 -R cidor

>>cd cidor

>>./cidor.sh

Installation Video

https://www.youtube.com/watch?v=D1CSBlTEuYc

Version Control

Version 2.1.0 release

-Made more robust for renaming files, autodeleting

-Autodelete files made

Version 2.0.2 release

-Added multiple files / no longer single file.

-Added automated advanced output reporting features.

Version 2.0.1 release

-Narrowed down to one initial file to download.

-Updated README.md

Version 1.0 release

-Initial release of fuzzing/clean downloading tool using reoccuring directory structure with Canvas users

-Taking advantage of IDOR in Canvas ...it's CIDOR!