Phone Shop Sales Managements System 1.0 – Insecure Direct Object Reference (IDOR)

Exploit Database
39 阅读

作者： Pratik Khalane

日期： 2021-06-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50050/

# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
# Date: 21/06/2021
# Exploit Author: Pratik Khalane
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html
# Version: 1.0
# Tested on: Windows 10 Pro


Vulnerability Details
======================

Steps :


1) Log in to the application with the given credentials

Username: kwizera
Password: 12345

2) Navigate to Invoice and Click on Print Invoice.

3)In /Invoice.php?id=3005, modify the id Parameter to View User details,
Address,
Payments, Phone number, and Email of other Users

last Exploits
Phone Shop Sales Managements System 1.0 – Insecure Direct Object Reference (IDOR)的更多信息

Exponent CMS 2.0.0 Beta 1.1 – Local File Inclusion / Arbitrary File Upload：
ZeeWays Script – SQL Injection：
Brickcom Corporation Network Cameras – Multiple Vulnerabilities：
V-SOL GPON/EPON OLT Platform 2.03 – Remote Privilege Escalation：
EasyPHP Webserver 14.1 – Multiple Vulnerabilities (RCE and Path Traversal)：
Victor CMS 1.0 – Authenticated Arbitrary File Upload：
PlaySms 0.9.9.2 – Cross-Site Request Forgery：
sX-Shop – Multiple SQL Injections：