Phone shop sales managements system 1.0 insecure direct object reference (idor) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-06-22 | Type : webapps | Platform : php
This exploit / vulnerability Phone shop sales managements system 1.0 insecure direct object reference (idor) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
# Date: 21/06/2021
# Exploit Author: Pratik Khalane
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html
# Version: 1.0
# Tested on: Windows 10 Pro


Vulnerability Details
======================

Steps :


1) Log in to the application with the given credentials

Username: kwizera
Password: 12345

2) Navigate to Invoice and Click on Print Invoice.

3)In /Invoice.php?id=3005, modify the id Parameter to View User details,
Address,
Payments, Phone number, and Email of other Users

Phone shop sales managements system 1.0 insecure direct object reference (idor)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Phone shop sales managements system 1.0 insecure direct object reference (idor) Vulnerability / Exploit