8f90c99e8c
8 changes to exploits/shellcodes SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Argus Surveillance DVR 4.0 - Unquoted Service Path OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR) FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated) Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR) Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE) Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Antminer Monitor 0.5.0 - Authentication Bypass
18 lines
No EOL
563 B
Text
18 lines
No EOL
563 B
Text
# Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
|
|
# Date: 31/08/2021
|
|
# Exploit Author: Allen Enosh Upputori
|
|
# Vendor Homepage: https://www.open-emr.org
|
|
# Software Link: https://www.open-emr.org/wiki/index.php/OpenEMR_Downloads
|
|
# Version: 6.0.0
|
|
# Tested on: Linux
|
|
# CVE : CVE-2021-40352
|
|
|
|
How to Reproduce this Vulnerability:
|
|
|
|
1. Install Openemr 6.0.0
|
|
2. Login as an Physician
|
|
3. Open Messages
|
|
4. Click Print
|
|
5. Change the existing "noteid=" value to another number
|
|
|
|
This will reveal everybodys messages Incuding Admin only Messages |