Security
Headlines
HeadlinesLatestCVEs

Headline

Multi Store Inventory Management System 1.0 Insecure Direct Object Reference

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox

Multi Store Inventory Management System 1.0 Insecure Direct Object Reference

Posted Jul 25, 2024

Authored by indoushka

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 32be0fec962b67faf38d315a9d6d5a0c83204e2e599b0319b92fa81fc435926a

Download | Favorite | View

Multi Store Inventory Management System 1.0 Insecure Direct Object Reference

====================================================================================================================================| # Title     : Multi Store Inventory Management System v1.0 IDOR Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/multistore_demo/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

File Tags

  • ActiveX (933)
  • Advisory (86,131)
  • Arbitrary (16,828)
  • BBS (2,859)
  • Bypass (1,853)
  • CGI (1,033)
  • Code Execution (7,780)
  • Conference (691)
  • Cracker (844)
  • CSRF (3,380)
  • DoS (25,001)
  • Encryption (2,389)
  • Exploit (53,073)
  • File Inclusion (4,257)
  • File Upload (989)
  • Firewall (822)
  • Info Disclosure (2,876)
  • Intrusion Detection (914)
  • Java (3,141)
  • JavaScript (895)
  • Kernel (7,169)
  • Local (14,774)
  • Magazine (586)
  • Overflow (13,149)
  • Perl (1,435)
  • PHP (5,220)
  • Proof of Concept (2,381)
  • Protocol (3,723)
  • Python (1,630)
  • Remote (31,616)
  • Root (3,625)
  • Rootkit (526)
  • Ruby (631)
  • Scanner (1,657)
  • Security Tool (8,023)
  • Shell (3,272)
  • Shellcode (1,217)
  • Sniffer (902)
  • Spoof (2,271)
  • SQL Injection (16,588)
  • TCP (2,440)
  • Trojan (690)
  • UDP (901)
  • Virus (669)
  • Vulnerability (32,903)
  • Web (9,949)
  • Whitepaper (3,781)
  • x86 (967)
  • XSS (18,236)
  • Other

File Archives

  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • Older

Systems

  • AIX (429)
  • Apple (2,090)
  • BSD (377)
  • CentOS (58)
  • Cisco (1,927)
  • Debian (7,082)
  • Fedora (1,693)
  • FreeBSD (1,246)
  • Gentoo (4,534)
  • HPUX (880)
  • iOS (376)
  • iPhone (108)
  • IRIX (220)
  • Juniper (69)
  • Linux (50,527)
  • Mac OS X (691)
  • Mandriva (3,105)
  • NetBSD (256)
  • OpenBSD (489)
  • RedHat (16,402)
  • Slackware (941)
  • Solaris (1,611)
  • SUSE (1,444)
  • Ubuntu (9,689)
  • UNIX (9,431)
  • UnixWare (187)
  • Windows (6,667)
  • Other

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution
Packet Storm