Advertisement






Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

CVE Category Price Severity
N/A CWE-285 Unknown Unknown
Author Risk Exploitation Type Date
Unknown Unknown Remote 2022-09-27
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090075

Below is a copy:

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0


Vulnerability Details
======================

Steps :


1) Log in to the application after register new user

Username: test
Password: 12345

2) Navigate to Birth Reg Form and Click on Manage Details and click any Birth number.

3)In /OBCMS/user/view-application-detail.php?viewid=1, modify the id Parameter to View birthreg details,

First Name, Phone number, and other data

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.