Exploit for Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Name: Exploit for Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
Rating: 5 (174 reviews)

2022-09-27 | CVSS -0.6

## https://sploitus.com/exploit?id=PACKETSTORM:168524
# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)  
# Google Dork: N/A  
# Date: 2022-9-27  
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11  
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip  
# Tested on: windows 11 - XAMPP  
# CVE : N/A  
# Version: 1.0  
  
  
Vulnerability Details  
======================  
  
Steps :  
  
  
1) Log in to the application after register new user  
  
Username: test  
Password: 12345  
  
2) Navigate to Birth Reg Form and Click on Manage Details and click any Birth number.  
  
3)In /OBCMS/user/view-application-detail.php?viewid=1, modify the id Parameter to View birthreg details,  
  
First Name, Phone number, and other data