Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: Windows 11 - XAMPP
# CVE : N/A
# Version: 1.0
Vulnerability Details
======================
Steps:
1) Register a new user, then log in to the application.
   Username: test
   Password: 12345
2) Navigate to Birth Reg Form, click Manage Details, and click any Birth number.
3) In /OBCMS/user/view-application-detail.php?viewid=1, modify the viewid parameter to view birth registration details: first name, phone number, and other data.
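
The missing authorization check behind this finding, as an added example (not code from OBCMS or from the advisory's author): a lookup keyed only on the request's id beside one that is also bound to the logged-in user. The table, column and function names are hypothetical, and the rows are constructed sample data in an in-memory SQLite database.

```php
<?php
declare(strict_types=1);
// Added example: schema, table and function names are hypothetical, not taken from OBCMS.

// Constructed sample data: two users, one birth application each.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, owner_id INTEGER, first_name TEXT, phone TEXT)');
$db->exec("INSERT INTO applications VALUES (1, 10, 'Alice', '555-0100'), (2, 20, 'Bob', '555-0101')");

// IDOR pattern: the record is selected by the client-supplied id alone.
function view_unscoped(PDO $db, string $viewid): ?array
{
    $stmt = $db->prepare('SELECT * FROM applications WHERE id = :id');
    $stmt->execute([':id' => $viewid]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened: validate the id and bind the lookup to the session's user id.
function view_scoped(PDO $db, string $viewid, int $sessionUserId): ?array
{
    if (!ctype_digit($viewid)) {
        return null; // reject anything that is not a plain positive integer
    }
    $stmt = $db->prepare('SELECT * FROM applications WHERE id = :id AND owner_id = :uid');
    $stmt->execute([':id' => (int)$viewid, ':uid' => $sessionUserId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// User 20 is logged in; record 1 belongs to user 10, record 2 to user 20.
$sessionUserId = 20; // in an application this comes from $_SESSION, never from the request
foreach (['1', '2', '1 OR 1=1'] as $viewid) {
    $unscoped = view_unscoped($db, $viewid) ? 'returned' : 'none';
    $scoped = view_scoped($db, $viewid, $sessionUserId) ? 'returned' : 'denied';
    printf("viewid=%-9s unscoped=%-8s scoped=%s\n", $viewid, $unscoped, $scoped);
}
```

When the scoped lookup returns null, the page should respond the same way for "not found" and "not yours" so that valid ids cannot be enumerated.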