Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090075

Below is a copy:

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0


Vulnerability Details
======================

Steps :


1) Log in to the application after register new user

Username: test
Password: 12345

2) Navigate to Birth Reg Form and Click on Manage Details and click any Birth number.

3)In /OBCMS/user/view-application-detail.php?viewid=1, modify the id Parameter to View birthreg details,

First Name, Phone number, and other data

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.