H8 SSRMS – ‘id’ IDOR

  • Author: Mohammed Farhan
    Date: 2021-02-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49508/
  • # Exploit Title: H8 SSRMS - 'id' IDOR
    # Date: 01/31/2021
    # Exploit Author: Mohammed Farhan
    # Vendor Homepage: https://www.height8tech.com/
    # Version: H8 SSRMS
    # Tested on: Windows 10
    
    
    Vulnerability Details
    ======================
    Log in to the application.
    Navigate to the Payment section and click the Print button.
    In QuotePrint.aspx, modify the id parameter to view the user details, address,
    payments, phone number and email of other users.
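
One way to detect the access pattern described above from web server logs, as an added example that is not part of the original advisory or the vendor's code: it reads IIS W3C extended-format logs and flags clients that were served QuotePrint.aspx for many distinct id values. The field layout, sample lines, usernames, addresses and threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2021-02-01 10:00:01 GET /QuotePrint.aspx id=1041 alice 203.0.113.5 200
2021-02-01 10:00:09 GET /QuotePrint.aspx id=1041 alice 203.0.113.5 200
2021-02-01 10:01:30 GET /Payment.aspx - bob 198.51.100.7 200
2021-02-01 10:02:11 GET /QuotePrint.aspx id=2001 bob 198.51.100.7 200
2021-02-01 10:02:12 GET /QuotePrint.aspx ID=2002 bob 198.51.100.7 200
2021-02-01 10:02:13 GET /QuotePrint.aspx id=2003 bob 198.51.100.7 200
2021-02-01 10:02:14 GET /quoteprint.aspx id=2004 bob 198.51.100.7 200
2021-02-01 10:02:15 GET /QuotePrint.aspx id=2005 bob 198.51.100.7 500
2021-02-01 10:05:00 GET /QuotePrint.aspx id=3100 carol 192.0.2.44 200
2021-02-01 10:06:00 GET /QuotePrint.aspx id=3101 carol 192.0.2.44 200
"""

def distinct_ids_per_client(log_text, page="/QuotePrint.aspx"):
    """Map (username, client IP) -> set of id values served with HTTP 200."""
    fields, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared by the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != page.lower():
            continue
        if row.get("sc-status") != "200":  # only count responses that returned a page
            continue
        # ASP.NET treats query-string keys case-insensitively, so normalise them.
        query = {k.lower(): v for k, v in parse_qs(row.get("cs-uri-query", "")).items()}
        key = (row.get("cs-username", "-"), row.get("c-ip", "-"))
        seen[key].update(query.get("id", []))
    return seen

def flag_enumeration(log_text, threshold=3):
    """Return clients that were served more than `threshold` distinct ids."""
    per_client = distinct_ids_per_client(log_text)
    return sorted(k for k, ids in per_client.items() if len(ids) > threshold)

if __name__ == "__main__":
    for user, ip in flag_enumeration(SAMPLE_LOG):
        print(f"review: {user} from {ip} viewed many distinct quote ids")
```

Detection of this kind only shortens the exposure window; the fix is a server-side check in QuotePrint.aspx that the requested record belongs to the logged-in user.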