This CHT
Posted November 4, 2022

# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
# Date: 21/06/2021
# Exploit Author: Pratik Khalane
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html
# Version: 1.0
# Tested on: Windows 10 Pro

Vulnerability Details
======================

Steps :

1) Log in to the application with the given credentials

Username: kwizera
Password: 12345

2) Navigate to Invoice and Click on Print Invoice.

3) In /Invoice.php?id=3005, modify the id Parameter to View User details, Address, Payments, Phone number, and Email of other Users
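The missing check behind step 3, shown as an added example that is not part of the original post or the application's own code: an invoice lookup keyed only on the request's id beside one scoped to the logged-in user. The table layout, the function names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: hypothetical schema and function names, not the application's real code.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, email TEXT, total REAL)');
// Constructed sample rows: invoice 3005 belongs to user 1, invoice 3006 to user 2.
$db->exec("INSERT INTO invoices VALUES (3005, 1, 'user1@example.test', 120.0)");
$db->exec("INSERT INTO invoices VALUES (3006, 2, 'user2@example.test', 75.5)");

// Vulnerable pattern: the record is selected by the request's id alone.
function invoiceById(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM invoices WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened pattern: the owner comes from the server-side session, never from the
// request, and is part of the WHERE clause, so a foreign id looks like a missing one.
function invoiceForUser(PDO $db, int $id, int $sessionUserId): ?array
{
    $stmt = $db->prepare('SELECT * FROM invoices WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $sessionUserId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Accept only a positive integer for the id query parameter.
function parseInvoiceId(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

$sessionUserId = 1; // stands in for $_SESSION['user_id'] set at login

// Unscoped lookup: user 1 receives user 2's row.
$leak = invoiceById($db, 3006);
printf("unscoped id=3006 -> owner_id=%d email=%s\n", $leak['owner_id'], $leak['email']);

foreach (['3005', '3006', 'abc'] as $raw) {
    $id = parseInvoiceId($raw);
    $row = $id === null ? null : invoiceForUser($db, $id, $sessionUserId);
    // Same 404 for "not yours" and "does not exist" avoids confirming which ids are valid.
    printf("scoped id=%s -> %s\n", $raw, $row ? '200 OK' : '404 Not Found');
}
```

Returning the same response for another user's invoice and for a nonexistent one keeps the endpoint from confirming which invoice numbers are in use.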