Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

2022.09.27

Credit: Yousef Alraddadi

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0
Vulnerability Details
======================
Steps :
1) Log in to the application after register new user
Username: test
Password: 12345
2) Navigate to Birth Reg Form and Click on Manage Details and click any Birth number.
3)In /OBCMS/user/view-application-detail.php?viewid=1, modify the id Parameter to View birthreg details,
First Name, Phone number, and other data

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.