Vendor: Phone Shop Sales Managements System
By: Pratik Khalane
CVSS: 8.8 (HIGH)
Vulnerability Type: Insecure Direct Object Reference (IDOR)
CWE: 639
Product Name: Phone Shop Sales Managements System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:phone_shop_sales_managements_system:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 Pro
Year: 2021

Phone Shop Sales Managements System 1.0 – Insecure Direct Object Reference (IDOR)

Phone Shop Sales Managements System 1.0 is affected by an Insecure Direct Object Reference (IDOR). The invoice view (Invoice.php) selects the record purely from the id parameter in the URL and never checks that the invoice belongs to the logged-in account. Any authenticated user who changes that number can therefore read other customers' details: name, address, payments, phone number, and email.

Mitigation:

Enforce authorization on the server for every object lookup: when Invoice.php (or any other page that takes an id) receives a request, verify that the referenced record belongs to the authenticated user, or that the user holds a role explicitly allowed to view all records, before returning any data. Validate the id as an integer, return the same "not found" response for records that do not exist and records the caller does not own, and do not rely on hiding links, client-side checks, or unguessable ids in place of this check.
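The following PHP is an added illustration of the pattern described above; it is not code from the Phone Shop Sales Managements System project, whose source the advisory does not quote. The table and column names (invoices, customer_id), the session keys (user_id, role), and the PDO connection details are assumptions made for the example. The first function shows the lookup-by-id-only pattern that produces the IDOR; the second adds the ownership condition to the query so that a foreign id simply returns nothing.

```php
<?php
// Added example, not project code. Table/column names, session keys and the
// database connection are assumptions for illustration.
declare(strict_types=1);

session_start();

// --- Vulnerable pattern ---
// Selecting by the client-supplied id alone is the IDOR: every logged-in
// user can read every invoice by editing the number in the URL.
function fetchInvoiceById(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM invoices WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Hardened pattern ---
// Ownership is part of the query, so the row comes back only if it belongs
// to the authenticated account. "Not yours" and "does not exist" are
// indistinguishable to the caller, which also stops id enumeration.
function fetchInvoiceForUser(PDO $db, int $id, int $currentUserId): ?array
{
    $stmt = $db->prepare(
        'SELECT * FROM invoices WHERE id = :id AND customer_id = :uid'
    );
    $stmt->execute([':id' => $id, ':uid' => $currentUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 1. Authenticate: no session, no invoice.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

// 2. Validate: FILTER_VALIDATE_INT rejects "3005abc", "3005 OR 1=1", "-1", "".
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid invoice id');
}

$db = new PDO('mysql:host=localhost;dbname=phoneshop', 'app', 'secret', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// 3. Authorize: staff with an explicit role may see any invoice; everyone
//    else is restricted to their own rows by the query itself.
$isAdmin = (($_SESSION['role'] ?? '') === 'admin');   // role key assumed
$invoice = $isAdmin
    ? fetchInvoiceById($db, $id)
    : fetchInvoiceForUser($db, $id, (int) $_SESSION['user_id']);

if ($invoice === null) {
    // Identical response for missing and foreign records.
    http_response_code(404);
    exit('Invoice not found');
}

// ... render $invoice for printing ...
```

The same rule has to be applied to every endpoint that accepts an object id (view, print, edit, delete), not just the print view named in the advisory; fixing one page while another still looks records up by id alone leaves the same data exposed.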

Exploit-DB raw data:

# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
# Date: 21/06/2021
# Exploit Author: Pratik Khalane
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html
# Version: 1.0
# Tested on: Windows 10 Pro


Vulnerability Details
======================

Steps:


1) Log in to the application with the given credentials

Username: kwizera
Password: 12345

2) Navigate to Invoice and Click on Print Invoice.

3) In /Invoice.php?id=3005, modify the id parameter to view the user details, address, payments, phone number, and email of other users.