Phone Shop Sales Managements System 1.0 Insecure Direct Object Reference (IDOR)

From PwnWiki
Revision as of 08:09, 23 June 2021 by Pwnwiki
# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
# Date: 21/06/2021
# Exploit Author: Pratik Khalane
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html
# Version: 1.0
# Tested on: Windows 10 Pro


Vulnerability Details
======================

Steps:

1) Log in to the application with the given credentials:

Username: kwizera
Password: 12345

2) Navigate to Invoice and click on Print Invoice.

3) In /Invoice.php?id=3005, modify the id parameter to view the user details, address, payments, phone number, and email of other users.
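
The missing authorization check behind step 3, shown next to a corrected lookup. This is an added example, not code from the application or from the original advisory; the table, column and session names are assumptions, and the rows are constructed sample data.

```php
<?php
// Added example: schema, column names and session layout are assumptions,
// not taken from the Phone Shop Sales Managements System source.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice (id INTEGER PRIMARY KEY, owner_id INTEGER, email TEXT, phone TEXT)');
$db->exec("INSERT INTO invoice VALUES (3005, 1, 'user1@example.test', '555-0101')");
$db->exec("INSERT INTO invoice VALUES (3006, 2, 'user2@example.test', '555-0102')");

// Vulnerable pattern: the row is selected by the client-supplied id alone.
function invoiceById(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM invoice WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened pattern: the owner comes from the server-side session and is part
// of the WHERE clause, so another user's id matches no row.
function invoiceForUser(PDO $db, int $id, int $sessionUserId): ?array
{
    $stmt = $db->prepare('SELECT * FROM invoice WHERE id = :id AND owner_id = :uid');
    $stmt->execute([':id' => $id, ':uid' => $sessionUserId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Request handling: validate the parameter, then answer 404 for both
// "does not exist" and "not yours" so the two cases look the same.
function handleInvoiceRequest(PDO $db, array $query, array $session): array
{
    if (!isset($session['user_id'])) {
        return [401, 'login required'];
    }
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'invalid id'];
    }
    $row = invoiceForUser($db, $id, (int) $session['user_id']);
    return $row === null ? [404, 'not found'] : [200, $row];
}

$session = ['user_id' => 1];                                        // constructed session
var_dump(invoiceById($db, 3006) !== null);                          // unchecked lookup, other user's id
var_dump(handleInvoiceRequest($db, ['id' => '3006'], $session)[0]); // checked lookup, other user's id
var_dump(handleInvoiceRequest($db, ['id' => '3005'], $session)[0]); // checked lookup, own id
```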