Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
Online Birth Certificate Management System version 1.0 suffers from an insecure direct object reference vulnerability.
# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

Vulnerability Details
======================

Steps :

1) Log in to the application after registering a new user
   Username: test
   Password: 12345

2) Navigate to Birth Reg Form, click on Manage Details, and click any Birth number.

3) In /OBCMS/user/view-application-detail.php?viewid=1, modify the id parameter to view birthreg details, first name, phone number, and other data
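
The server-side ownership check that closes this class of bug, shown as an added example that is not OBCMS source code: it contrasts a record lookup keyed on `viewid` alone with one bound to the logged-in user. The `applications` table, its columns, the function names, and the sample rows are all constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and function names are hypothetical,
// not taken from the OBCMS code base.

// Vulnerable shape: the record is selected by the client-supplied id alone.
function viewApplicationInsecure(PDO $db, int $viewId): ?array
{
    $stmt = $db->prepare('SELECT * FROM applications WHERE id = :id');
    $stmt->execute([':id' => $viewId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened shape: the owner id comes from the server-side session,
// never from the request, and is part of the WHERE clause.
function viewApplicationOwned(PDO $db, int $sessionUserId, int $viewId): ?array
{
    $stmt = $db->prepare(
        'SELECT * FROM applications WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $viewId, ':uid' => $sessionUserId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (
    id INTEGER PRIMARY KEY, user_id INTEGER, first_name TEXT, phone TEXT)');
$db->exec("INSERT INTO applications VALUES
    (1, 10, 'Alice', '555-0100'), (2, 20, 'Bob', '555-0101')");

$sessionUserId = 20;                             // stands in for the id stored in the session
$viewId = filter_var('1', FILTER_VALIDATE_INT);  // stands in for $_GET['viewid']
if ($viewId === false) {
    exit("400 Bad Request\n");                   // reject non-integer ids outright
}

// Without the owner predicate, user 20 receives user 10's record.
$leaked = viewApplicationInsecure($db, $viewId);
echo 'insecure lookup: ', $leaked === null ? 'no row' : 'row returned', "\n";

// With the owner predicate, a record the caller does not own is treated as
// missing, so the response does not confirm that the id exists.
$row = viewApplicationOwned($db, $sessionUserId, $viewId);
echo 'owned lookup: ', $row === null ? '404 Not Found' : '200 OK', "\n";
```

The same predicate belongs on every endpoint that takes a record id, including any update and delete handlers, not only the detail view.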