Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)

EDB-ID:

50050

CVE:

N/A

EDB Verified:

Author:

Pratik Khalane

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2021-06-22

Vulnerable App: 
# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
# Date: 21/06/2021
# Exploit Author: Pratik Khalane
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html
# Version: 1.0
# Tested on: Windows 10 Pro


Vulnerability Details
======================

Steps :


1) Log in to the application with the given credentials

Username: kwizera
Password: 12345

2) Navigate to Invoice and Click on Print Invoice.

3)In /Invoice.php?id=3005, modify the id Parameter to View User details,
Address,
Payments, Phone number, and Email of other Users
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services