Vendor: H8 SSRMS
By: Mohammed Farhan
CVSS: 8.8 (HIGH)
Type: IDOR
CWE: 200
Product Name: H8 SSRMS
Affected Version From: H8 SSRMS
Affected Version To: H8 SSRMS
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2021

H8 SSRMS – ‘id’ IDOR

Log in to the application, navigate to the Payment section and click the Print button. In QuotePrint.aspx, modify the id parameter to view the user details, address, payments, phone number and email of other users.

Mitigation:

Implement proper access control and authorization checks to ensure that only authorized users can access sensitive information.
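
One way to apply this mitigation, shown as an added example that is not code from H8 SSRMS or from the advisory: the record lookup behind a page like QuotePrint.aspx, first selecting by the client-supplied id alone and then with an ownership check. The Quote type, its fields, the sample rows and the method names are hypothetical, since the page does not show the application's schema.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical record; the real H8 SSRMS schema is not shown in the advisory.
public sealed class Quote { public int Id; public int OwnerUserId; public string Email; }

public static class QuotePrintAccess
{
    // Constructed sample rows standing in for the application's database.
    static readonly Dictionary<int, Quote> Quotes = new Dictionary<int, Quote>
    {
        { 101, new Quote { Id = 101, OwnerUserId = 1, Email = "user1@example.test" } },
        { 102, new Quote { Id = 102, OwnerUserId = 2, Email = "user2@example.test" } },
    };

    // Pattern behind the finding: being logged in is the only check, and the
    // record is selected by the client-supplied id alone.
    public static int LoadUnchecked(int? sessionUserId, string rawId, out Quote quote)
    {
        quote = null;
        if (sessionUserId == null) return 401;
        int id;
        if (!int.TryParse(rawId, out id)) return 400;
        return Quotes.TryGetValue(id, out quote) ? 200 : 404;
    }

    // Hardened form: ownership is part of the lookup. sessionUserId must come
    // from the server-side session, never from the request.
    public static int LoadForUser(int? sessionUserId, string rawId, out Quote quote)
    {
        quote = null;
        if (sessionUserId == null) return 401;
        int id;
        if (!int.TryParse(rawId, out id) || id <= 0) return 400;
        Quote found;
        // Another user's quote is answered exactly like a missing one, so the
        // response does not confirm which ids exist.
        if (!Quotes.TryGetValue(id, out found) || found.OwnerUserId != sessionUserId.Value)
            return 404;
        quote = found;
        return 200;
    }

    public static void Main()
    {
        Quote q;
        foreach (string id in new[] { "101", "102", "999", "abc" })
            Console.WriteLine("user 1, id={0}: unchecked={1} checked={2}",
                id, LoadUnchecked(1, id, out q), LoadForUser(1, id, out q));
    }
}
```

In a real page the owner constraint belongs in the data query itself, so that no code path can fetch a quote by id without it.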

Exploit-DB raw data:

# Exploit Title: H8 SSRMS - 'id' IDOR
# Date: 01/31/2021
# Exploit Author: Mohammed Farhan
# Vendor Homepage: https://www.height8tech.com/
# Version: H8 SSRMS
# Tested on: Windows 10


Vulnerability Details
======================
Login to the application
Navigate to Payment Section and Click on Print button.
In QuotePrint.aspx, modify the id Parameter to View User details, Address,
Payments, Phone number and Email of other Users