CVE-2021–40579
Insecure direct object references (IDOR)
👨🏼💻 Discovered by Tushar Jadhav
Profile: https://www.linkedin.com/in/tushar-jadhav-7a43b4171/
📄 Vulnerable version: 1.0
🔗 Vendor Homepage: https://www.sourcecodester.com/
Product: Online Enrollment Management System in PHP and Paypal Payment System
Vulnerability Title: Insecure direct object references (IDOR)
Detailed description: Found this vulnerability in the id parameter. Lead to business logic also, Anyone can download admission confirmed and paid invoice without any authentication.
Steps-To-Reproduce:
- Login into the Online Enrollment Management System admin panel.
2. Now go to the Students You can List Of Students, Where we can confirm the admission and payment.
3. Every form Has a Specific ID where We can change parameters and admission confirmed we can see the receipt.
4. As I changed the id I can see another user’s All PII details also and I’m able to confirm The Admission.
5. This vulnerability contains On Different locations. Also with that, we will get an admission receipt that we have paid money and admission confirmed.
6. This is the interesting part, In this case, if anyone knows their form id they can download their receipt without any authentication or fuzz the id parameter.
Thanks For Reading !!!