Phone Shop Sales Managements System 1.0 – Insecure Direct Object Reference (IDOR)

Exploit Database
95 阅读

作者： Pratik Khalane

日期： 2021-06-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50050/

# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
# Date: 21/06/2021
# Exploit Author: Pratik Khalane
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html
# Version: 1.0
# Tested on: Windows 10 Pro


Vulnerability Details
======================

Steps :


1) Log in to the application with the given credentials

Username: kwizera
Password: 12345

2) Navigate to Invoice and Click on Print Invoice.

3)In /Invoice.php?id=3005, modify the id Parameter to View User details,
Address,
Payments, Phone number, and Email of other Users

last Exploits
Phone Shop Sales Managements System 1.0 – Insecure Direct Object Reference (IDOR)的更多信息

Zeeways Adserver – Multiple Vulnerabilities：
Victor CMS 1.0 – ‘Search’ SQL Injection：
iScripts MultiCart 2.4 – Persistent Cross-Site Scripting / Cross-Site Request Forgery / Cross-Site Scripting / Cross-Site Request Forgery / Mass Accounts Takeover：
LightNEasy 3.1.x – Multiple Vulnerabilities：
Zimbra – ‘aspell.php’ Cross-Site Scripting：
Bludit 3.9.2 – Directory Traversal：
Ecomat CMS – SQL Injection：
Easy Blog by JM LLC – Multiple Vulnerabilities：