Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

CVE: N/A
Category: CWE-285
Price: Unknown
Severity: Unknown
Author: Unknown
Risk: Unknown
Exploitation Type: Remote
Date: 2022-09-27
CPE: cpe:cpe:/a:online-birth-certificate-management-system:1.0
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090075

Below is a copy:

# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0


Vulnerability Details
======================

Steps:

1) Log in to the application after registering a new user.

Username: test
Password: 12345

2) Navigate to Birth Reg Form, click Manage Details, then click any birth number.

3) In /OBCMS/user/view-application-detail.php?viewid=1, modify the viewid parameter to view birthreg details: first name, phone number, and other data.
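Detection sketch for the behaviour in step 3, added here as an example and not part of the original advisory or the application's code: it scans web server access logs for a single client that receives successful responses for many distinct viewid values on the affected page. The Apache common/combined log format, the threshold of 3, the function name and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Endpoint and parameter come from the advisory; the log format is assumed
# to be Apache common/combined, as a stock Apache install would write it.
ENDPOINT = "/OBCMS/user/view-application-detail.php"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<path>[^ ?"]+)'
    r'(?:\?(?P<query>[^ "]*))? HTTP/[\d.]+" (?P<status>\d{3}) '
)
VIEWID_RE = re.compile(r"(?:^|&)viewid=(\d+)(?:&|$)")


def find_viewid_enumeration(lines, threshold=3):
    """Return {client_ip: sorted viewids} for clients that got HTTP 200 for
    at least `threshold` distinct viewid values (hypothetical helper)."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("path") != ENDPOINT:
            continue
        if m.group("status") != "200":  # redirects to login are not a disclosure
            continue
        v = VIEWID_RE.search(m.group("query") or "")
        if v:
            seen[m.group("ip")].add(int(v.group(1)))
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= threshold}


# Constructed sample log lines (documentation IP ranges, not real traffic).
_REQ = '"GET /OBCMS/user/view-application-detail.php?viewid={} HTTP/1.1" {} 5120'
_TS = "[27/Sep/2022:10:00:00 +0300]"
SAMPLE_LOG = (
    # One client walking through consecutive record ids.
    [f"192.0.2.10 - - {_TS} {_REQ.format(i, 200)}" for i in (1, 2, 3, 4)]
    # A client re-reading a single record: below the threshold.
    + [f"198.51.100.7 - - {_TS} {_REQ.format(5, 200)}" for _ in range(2)]
    # Unauthenticated probing that only receives redirects: not counted.
    + [f"203.0.113.5 - - {_TS} {_REQ.format(i, 302)}" for i in (1, 2, 3)]
    # Unrelated page (constructed path).
    + [f'192.0.2.10 - - {_TS} "GET /OBCMS/user/dashboard.php HTTP/1.1" 200 2048']
)

if __name__ == "__main__":
    for ip, ids in find_viewid_enumeration(SAMPLE_LOG).items():
        print(f"{ip} viewed {len(ids)} distinct records: {ids}")
```

Client IP is only a stand-in for the logged-in user; where the session or user id is logged, group on that instead, and tune the threshold to how many records a legitimate user normally owns.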
