## https://sploitus.com/exploit?id=PACKETSTORM:163238
# Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)  
# Date: 21/06/2021  
# Exploit Author: Pratik Khalane  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html  
# Version: 1.0  
# Tested on: Windows 10 Pro  
  
  
Vulnerability Details  
======================  
  
Steps:  
  
  
1) Log in to the application with the given credentials  
  
Username: kwizera  
Password: 12345  
  
2) Navigate to Invoice and Click on Print Invoice.  
  
3) In /Invoice.php?id=3005, modify the id parameter to view user details, address, payments, phone number, and email of other users.
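
Mitigation sketch (an added example, not code from the application or from the advisory author): the invoice lookup is scoped to the logged-in user, so changing the id in the URL returns nothing for invoices the user does not own. The table and column names, the sample rows and the function names are assumptions; the application's real schema is not shown in the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and constructed sample rows, held in an in-memory SQLite database.
function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, email TEXT, phone TEXT)');
    $pdo->exec("INSERT INTO invoices VALUES (3005, 1, 'user1@example.test', '555-0101')");
    $pdo->exec("INSERT INTO invoices VALUES (3006, 2, 'user2@example.test', '555-0102')");
    return $pdo;
}

// Return the invoice only if it belongs to the authenticated user; null otherwise.
function fetchInvoiceForUser(PDO $pdo, $rawId, int $sessionUserId): ?array
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The ownership predicate is part of the query itself, so an id that
    // belongs to another user matches no row.
    $stmt = $pdo->prepare('SELECT id, email, phone FROM invoices WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = makeDemoDb();
$sessionUserId = 1; // stands in for the user id stored in $_SESSION at login

foreach (['3005', '3006', 'abc'] as $requested) {
    $invoice = fetchInvoiceForUser($pdo, $requested, $sessionUserId);
    if ($invoice === null) {
        // Same response for "does not exist" and "not yours", so ids cannot be confirmed.
        echo "id=$requested -> 404 Not Found\n";
    } else {
        echo "id=$requested -> invoice for {$invoice['email']}\n";
    }
}
```

The owner id must come from the server-side session, never from a request parameter, or the check can be bypassed the same way as the invoice id.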