Security
Headlines
HeadlinesLatestCVEs

Headline

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

Posted Aug 16, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 98c12c7a5556d4399b71f053e8f21eaf5c59e49e15d4bf7f6b1980de56fec3c2

Download | Favorite | View

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 IDOR Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

File Tags

  • ActiveX (933)
  • Advisory (86,433)
  • Arbitrary (16,884)
  • BBS (2,859)
  • Bypass (1,865)
  • CGI (1,033)
  • Code Execution (7,817)
  • Conference (691)
  • Cracker (844)
  • CSRF (3,396)
  • DoS (25,088)
  • Encryption (2,389)
  • Exploit (53,217)
  • File Inclusion (4,263)
  • File Upload (996)
  • Firewall (822)
  • Info Disclosure (2,891)
  • Intrusion Detection (915)
  • Java (3,144)
  • JavaScript (897)
  • Kernel (7,223)
  • Local (14,799)
  • Magazine (586)
  • Overflow (13,172)
  • Perl (1,435)
  • PHP (5,225)
  • Proof of Concept (2,394)
  • Protocol (3,726)
  • Python (1,642)
  • Remote (31,665)
  • Root (3,636)
  • Rootkit (527)
  • Ruby (632)
  • Scanner (1,657)
  • Security Tool (8,028)
  • Shell (3,277)
  • Shellcode (1,217)
  • Sniffer (902)
  • Spoof (2,278)
  • SQL Injection (16,612)
  • TCP (2,441)
  • Trojan (690)
  • UDP (904)
  • Virus (670)
  • Vulnerability (32,999)
  • Web (9,966)
  • Whitepaper (3,782)
  • x86 (967)
  • XSS (18,259)
  • Other

File Archives

  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • Older

Systems

  • AIX (429)
  • Apple (2,099)
  • BSD (377)
  • CentOS (58)
  • Cisco (1,927)
  • Debian (7,100)
  • Fedora (1,693)
  • FreeBSD (1,246)
  • Gentoo (4,567)
  • HPUX (880)
  • iOS (378)
  • iPhone (108)
  • IRIX (220)
  • Juniper (69)
  • Linux (50,789)
  • Mac OS X (691)
  • Mandriva (3,105)
  • NetBSD (256)
  • OpenBSD (489)
  • RedHat (16,546)
  • Slackware (941)
  • Solaris (1,611)
  • SUSE (1,444)
  • Ubuntu (9,754)
  • UNIX (9,437)
  • UnixWare (187)
  • Windows (6,674)
  • Other

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution
Packet Storm